Looping E-mails Beat The Net Down 206
Staili writes "Singapore-based women's magazine caused problems when it forwarded its mails to a large list of recipients, mainly mailing lists. In addition to security@suse.com, some help and subscribe lists were included; the type of addresses that tend to send out an automatic reply confirming receipt. And the loop was ready." I'm sure anyone who's messed with mail enough
has accidentally created a loop or two in their day, but this is really
slimey.
Wouldn't it be funny... (Score:1, Interesting)
Re:Wouldn't it be funny... (Score:2)
/etc/init.d/sendmail stop
apt-get update
apt-get install sendmail
/etc/init.d/sendmail start
Can't do an apt-get if the network is flooded with mail messages, can you?
Asia Problem (Score:1)
I remember an artical on /. about the blocking of Asian emails (mostly b/c of spam), and this mentions a Singapore-based magazine. Is it really time to consider the firewalling of certain asian email though we have to remember that many western businesses do business w/ eastern companies. If we let some isps through spammers will just route through them.
Re:Asia Problem (Score:4, Informative)
Right, well I've been to Singapore and I have to tell you that its IT and communications are in a very good state. In fact, I'm rather hoping someone actually from Singapore will chip in here
Singapore was the first place I saw ADSL in. It has a row of internet 'phone' booths on its most popular shopping street (Orchard Road). In my hotel, 24 internet access was available for a ridiculously low fee (12 SGD I think). It was cheaper for me to phone the UK from my my hotel than it was for a person in the UK to phone me. Cheaper from a hotel phone.
There seems to be some insidious 'oh, it's those clueless Asians' thread running through so many Slashdot posts recently that I think it's time the balance was addressed. The US's mobile phone system, for example, is an utter shambles compared to the Asian systems. I was reading on a UK's paper site that BT was planning to roll out the world's first internet booths - I was reading it from an internet booth in Singapore.
I can assure everyone that the people I worked with in Singapore were quite bright enough to run systems properly, and every bit as interested as their Western equivalents in doing so.
Cheers,
Ian
Re:Asia Problem (Score:1)
As the USA and UK are generally heralded as technological equals to Japan, this is pretty lame.
Re:Asia Problem (Score:1)
Re:Asia Problem (Score:1)
On another note the cars mentioned aren't all that technologically advanced. Maby for an American production car, but not for cars in general. Just because a car company says so dosen't mean it is so.
Please do a bit of independent verification. Don't just be a passive consumer, actively seek out information and verify facts.
Re:Asia Problem (Score:2, Informative)
I am not a Singaporean but I stay here. These internet 'phone' booths are not working. I believe that the plan is to implement them later on, but not yet. Right now, it is just a couple of information kiosks.
I do agree that the infrastructure in Singapore is really really good. There are a few broadband plans going for about $60-70 Singapore dollars a month. That is about $30 USD. Plus the all the service is linked to a national high speed network.
Plus, corruption in this Asian nation is almost non-existent. Bloody incredible.
Nonsense (Score:5, Insightful)
That thread is based on the emperical experience of thousands of mail admins throughout the world (not just the US, as your slashdot bash inaccurately implies). If those whose ISPs (and in some cases, countries) are being blocked wish to demonstrate otherwise, all they have to do is administer their mail servers competently and close down their open relays.
Until then, their inaction will speak louder than your words, be they from Singapore, Korea, or wherever. As one who has travelled to those places I am reluctant to block entire countries, but my boss doesn't want his mailbox filled with SPAM and if blocking half of Asia is how I appease him, then half of Asia will be blocked, period. My personal fondness of Asia (and, for that matter, Africa, and Europe, and other places I have had the privelege of visiting in the last several years) will play absolutely no role in this decision, and no role in my opinion of the (in)competence of ISP mail adminsitrators in those locations. The only metric of any concern is how many open relays there are, and how those responsible act (or, in the case of many notorious Asian providors, particularly in Korea, don't act) when the issue is brought to their attention.
As for the differences in phone systems, you are comparing apples and oranges, and assuming one causation (lack of technical knowhow) when a completely different causation (lack of well defined, enforcable government standards resulting from a lassaiz-faire market mentality in the last several administrations) is responsible, then trying to apply the erroneous conclusion derived from your erroneous assumption back to another issue that is, in any case, completely unrelated.
Internet booths are another example of the logical fallacy you have fallen into in making this argument. In a country in which more than half the homes have their own PCs, and just about every public library is already on the net (along with many schools), internet booths would be a profound waste of money. In other words, you have brought up another completely unrelated topic and misapplied it to your original argument, namely what approaches empower the most people to use the internet under what conditions, with those conditions in Singapore quite different from the United States, which in turn is very different from the UK or the rest of Europe. Clearly that has absolutely nothing whatsoever to do with the competency level of mail administrators in Asia, Africa, America, Antarctica, Mars, Pluto, the NGC-1 Nebula, or anywhere else for that matter.
Re:Nonsense (Score:5, Insightful)
Excellent example of the insidious nature I mentioned. This topic isn't even about open relays - it's about a mailing loop. Read the rest of the replies and you find most examples of these have been Western. Yet this simple, newbie slip-up is used as a yet more proof that the whole of Asia should be firewalled.
It's ridiculous.
Cheers,
Ian
More nonsense (Score:3, Insightful)
The two are related, as any rudimentary understanding of how mail systems work will make clear. Without the open relays the SPAM could not be sent to the mailing lists with their header information forged and hiding the sender's online identity. The offending messages resulting in these mail loops are originating from open relays, most of which are in Asia.
But be that as it may, you miss the point entirely (perhaps willfully?).
It's ridiculous.
No, its the only option the Asian providors are leaving us. Making a "newbie" mistake, as you misleadingly put it, is one thing. Willfully refusing to fix the problem when it is brought to your attention is something else again. Those "western" sites you refer to either fix their open relays (the most common response) or get blocked themselves.
What is more, for the last half decade almost all mail servers come with open relaying shut off by default, which means these "clueless newbies" almost certainly had to turn open relaying on, deliberately.
It is not unreasonable to infer from two deliberate actions, namely turning on open relaying in the first place, then refusing to fix the problem when it is abused and people complain, that the administrators of these sites are either appallingly incompetent or obscenely complacent. In either event we can be certain of one thing: if we want to stop receiving SPAM from these sites, we have to filter them. Period.
Re:Asia Problem (Score:1)
Those things? All you can do is look up a few info pages (shopping directory, etc.) and video chat with people in other booths on Orchard Road.
Singapore has a great policy wherein hotels are not permitted to mark up phone charges. So you are billed at the regular direct dial rate for calls.
Well, they have their share of idiots like anyone else, but at least they speak English, lah, so they can deal intelligently with complaints from the rest of the world, and keep up on security updates.
I don't know when you were there, but I saw internet phone booths in the Netherlands long before in Singapore, and even in Malaysia there were internet kiosks (half BSOD'd at any given time, granted) before such were spotted in Singapore.
Nevertheless, the general point obtains. They do pay a lot of attention to new technology and tend to be early adopters. Why not - they manufacture the stuff.
Re:Asia Problem (Score:1)
You very bad lah. So can cannot?
Cheers,
Ian
(More Singlish here [geocities.com].)
Re:Asia Problem (Score:1)
Is the US State Department then a bunch of liars when it says this about the wonderful country:
"The Government has wide powers to limit citizens' rights and to handicap political opposition. "
"The authorities sometimes infringe on citizens' privacy rights. Government intimidation and pressure to conform result in the practice of self-censorship among journalists. Government leaders historically have utilized court proceedings, in particular defamation suits, against political opponents and critics."
"During the year, a prominent opposition figure was convicted for speaking in public without a permit. Despite a continuing discussion of the possibility of an expansion of free speech rights and the Government's role regarding these rights, the Government still did not take significant concrete steps to change the wide array of laws and government practices, or the informal levers of government influence, that lie behind the limitations on civil and political rights. The Government significantly restricts freedom of assembly and association. Jehovah's Witnesses and the Unification Church are banned.
"The Government has moved actively to counter societal discrimination against women and minorities, but some discrimination persists. Foreign workers are vulnerable to mistreatment and abuse."
That's swell. What a wonderfuckingful place. I'm moving my business there so I can take advantage of all the superior technology, and hopefully get persecuted and my female employees harassed and discriminated against.
Don't take my word for it:
http://www.state.gov/www/global/human_rights
I think I'll stick with my backasswords western life, even if I can't look at slashdot from a pay phone.
Re:Asia Problem (Score:2)
The deployment of GPRS and later 3G mobile webpads it will perhaps render these booths as obsolete as mobile phones have managed to eliminate most public phone booths in European towns.
/max
Re:Asia Problem (Score:2)
Why was the header stripped... (Score:3, Interesting)
FROM THE ARTICLE: ["At savoixmagazine.com the mail headers were cut so it was almost impossible to find out where the mail originated from," said Drahtmuller. The everyday analogy is a letter stripped of its envelope that had the original return address printed on it, repackaged in a new envelope with a different return address, and forwarded on. "Usually mail loops like this are not possible with Unix systems because they always maintain the headers," he added.]
I'm not a e-mail expert, but why where those headers missing? (I did not see any reason given in the article.)
Re:Why was the header stripped... (Score:5, Informative)
Here are some things I've come up with over the years:
1) Never, ever auto-reply to MAILER-DAEMON or Postmaster (procmail has good regex macros for this -- use them or copy them).
2) Preserve the headers of messages you forward.
3) Set an X-Loop header and check for it (or *any* X-Loop header if you want to be paranoid).
4) Don't autoreply to the same address twice during [definable time period].
Those things just seem like common sense to me. Maybe someone else here knows more about the subject than I do. There has to be a HOWTO somewhere.
Re:Why was the header stripped... (Score:1)
Re:Why was the header stripped... (Score:2)
Error messages sent by mail servers should have a NULL sender/return-path. Therefore your mail server should easily be able to tell what is an error message from a machine, and not reply to it.
2) Preserve the headers of messages you forward.
I think you're confusing what is going on here. There is the type of forwarding that regular people do with their mail clients. And then there is the forwarding that SMTP servers do with email messages. All proper SMTP servers are required to keep all Received: headers intact, as well as to append a Received: header giving information about how that server received the message. Apparantly one of the mail servers involved here was munging the Recieved: headers, either on accident or on purpose.
3) Set an X-Loop header and check for it (or *any* X-Loop header if you want to be paranoid).
I've never heard of an 'X-Loop' header, but any good mail server will count the number of Received: headers and kill the message if an exorbitant number of Received: headers is found. Of course, you have to rely on all the mail servers in the loop maintaining the Received: headers as they are supposed to, just like you'd have to count on them not removing an X-Loop header if you added one. However, since Received: is covered in the SMTP RFC, it's a better bet.
4) Don't autoreply to the same address twice during [definable time period].
The Received: header counting above is a more maintainable solution to loop prevention for SMTP servers.
Those things just seem like common sense to me. Maybe someone else here knows more about the subject than I do. There has to be a HOWTO somewhere.
I've written an SMTP server in Java for my company. The HOWTO is called the SMTP (and related) RFC's.
Re:Why was the header stripped... (Score:2)
Error messages sent by mail servers should have a NULL sender/return-path. Therefore your mail server should easily be able to tell what is an error message from a machine, and not reply to it.
Yes, they should have a NULL envelope from, and the auto-responders should be able to identify that, but as I said in my previous post, many people screw it up. The results end up in my inbox every day (which should have clued you in to the fact that I don't need a lecture on how email works).
[...aforementioned lecture...] All proper SMTP servers are required to keep all Received: headers intact, as well as to append a Received: header giving information about how that server received the message.
Yes, they should, but, again, my point is that a lot of people don't get that, and try to build a completely new set of headers, which you then go on to admit:
Apparantly one of the mail servers involved here was munging the Recieved: headers, either on accident or on purpose.
... which makes your point even less clear (unless it's some bizarre variation on "no true Scotsman"). Also, you seem to be implying that the MTA is doing the forwarding. However, in many cases, it happens via the MDA.
I've never heard of an 'X-Loop' header
It has long been a standard ingredient in many procmail(1)/formail(1) recipies. A similar variant is 'X-Been-There', which, IIRC, Mailman uses.
any good mail server will count the number of Received: headers and kill the message if an exorbitant number of Received: headers is found.
Whereas an X-Loop header will stop it on the first loop. That's why people use it. They also use it because many auto-responders and forwarders are implemented outside of the MTA, as procmail recipies, perl scripts, and so on. They often act as MUAs that happen to be invoked directly by the MDA, since they are acting on a user's behalf. There's no real reason why an auto-responder or a forwarder should be part of an SMTP implementation, unless you want your MTA to be a "jack of all trades, master of none." Down that path lies madness (and Microsoft). In any case, it would be unwise for the forwarder (and especially the auto-responder) to rely upon the MTA for loop protection, so smart programmers put in a loop-protection header, just in case. Redundant safety features are a Good Thing(tm).
4) Don't autoreply to the same address twice during [definable time period].
The Received: header counting above is a more maintainable solution to loop prevention for SMTP servers.
What does that have to do with what I said? You can count Received headers all you want, but it will still be annoying as hell when an auto-responder gets on a mailing list or starts replying to another auto-responder. Any sort of header-based loop protection against auto-responders is questionable because they tend to generate an entirely new message in reply to the trigger message (though formail(1), for instance, retains the X-Loop header). That's why, for instance, vacation(1) won't reply to the same recipient twice. The newer versions also don't reply to Precedence: (list|bulk), which eliminates even the first "please rob my house" message sent to a list submission address, and further cuts down on loops.
I've written an SMTP server in Java for my company.
Well, I'm sure that will solve the world's loop problems.
Re:Why was the header stripped... (Score:2)
My guess is that some administrator decided that the more obscurity, the better... (but at the same time, I laugh at them)
Re:Why was the header stripped... (Score:2)
... which is in direct violation of SMTP [ietf.org]:
Mail chauvinist pigs (Score:3, Funny)
Re:Mail chauvinist pigs (Score:1)
Mail order pigs? (Score:2)
Ah, another Hogfather fan... (-:
If you then practiced, er, discipline with them, could they then be mail order pigs without being Catholic? The Catholics seem to have a monopoly on male-order pigs...
Mmmh (Score:1)
Haven't we all done this? (Score:3, Interesting)
And for anyone who thinks that email is a "solved" problem, should read my rant about broken autoresponders [goldmark.org]. (which is not about loops, but does cover how "solved" things can be broken).
Normal (Score:3, Informative)
Management sends out a promotion announcement or some such to everyone, those on vacation autoreply...To ALL recepients. And the war is on!
I think enough people slapped management that they finally started using BCC. But sometimes someone new comes and they forget.
Re:Normal (Score:1)
Re:Normal (Score:2, Funny)
Re:Normal (Score:2)
I can't remember clearly but perhaps Lotus Notes 'Out of Office Agent' just doesn't allow "autorespond to all recipients". And that's probably sensible.
Broken users or broken MUAs?
Re:Normal (Score:1)
I joined one company (names have been deleted to protect the fuck-witted) about a week after the "I Love You" virus came out. There were about 500 I Love You's a day going to everyone, because they were all too stupid to set a message rule to delete anything with "Iloveyou" in the subject.
This was also a company where 3000+ items in you inbox was a sign you were doing your job right, because you didn't have time to delete/organise them...
Re:Normal (Score:1)
Sounds like the admins job to me. I agree, however, that it's like pulling teeth to get users to watch out for some of the most obvious and simple problems.
The staff/faculty of our campus has been hit a bunch of times with new e-mail viruses that are new and not removed by our Exchange AV program. Even though all of them have been a part of the chaos that has ensued in the past, and ALL of them have been told countless times not to open strange attachments, I've seen some of the most senior faculty persons open some of the most obviously shady attachments you could find. And then they call the Help Desk and curse about virus makers while we are digging through call logs looking for the last time the person was told not to open strange attachments.
Re:Normal (Score:1)
I love management that actually has balls.
happened at my school once... (Score:4, Interesting)
Quickly the list became nothing but people hitting reply-all and saying "knock it off!" and "get me off the list!" Of course, all those emails and addresses in the emails meant trouble for the mail server, causing mail to get delivered multiple times and DOS'ing normal mail.
It got so bad that I had about 100 emails in a five minute span at one point. It took a Dean's sending out an email to an announcements list pointing out school policy on mass mailings to stop it.
Thankfully, everyone from those trying to sell stuff to those saying "quit it!" all had to write a 500-word essay about why what they did was wrong.
Re:happened at my school once... (Score:1)
I find this story very hard to believe, unless you attended that tiny western college with 12 students.
Say a typical email address is 20 characters. Say that a smallish school has 4000 students and 500 faculty/staff. That's a 90K header. How many MUAs can parse that? Not many. Even fewer in sufficient time that your random punter would hang around waiting for it to happen.
Re:happened at my school once... (Score:1)
Re:happened at my school once... (Score:1)
I must not repeatedly send out email messages.
I must not repeatedly send out email messages.
I must not repeatedly send out email messages.
:
:
:
Re:happened at my school once... (Score:1)
I've actually seen this happen here at UC Berkeley a few times where there's a mass mailing and some jackass replies to all asking to be taken off the list. The some other jackass replies to all telling him to shut up and stop sending out crap to everyone. The everyone replies asking to eb taken off, and bamn! The system gets overloaded. Usually the mail admins are quick enough to pull the plug on the list such that it doesn't go on forever. This happened recently with the list of students graduating this May.
Republican (Score:1)
It's not about the work - it's about the poor customer service that is plaguing universities nationwide. The customers (students) may have been in the wrong, but that doesn't mean you should ridicule them. You need to decide if their actions warrant losing their business. The universities know they can treat you like shit and people will keep giving them money because there is no alternative (since they are all the same). Then again, perhaps being continuously fucked in the ass is real world preparation after all...
(speaking as a person who is sick of being treated like a piece of dog shit by the university he shelled out some significant coin to)
Re:happened at my school once... (Score:1)
Re:happened at my school once... (Score:1)
Re:happened at my school once... (Score:1)
Looking back at what i wrote, I made it sound like everyone had to write an essay, when the reality was only those who emailed to the list had to write the essay in order to restore their email service.
Outlook... (Score:1, Informative)
This has happened 4 or 5 times to me in teh last few weeks...
This sounds like stupidity more than anything else (Score:1)
When I decided to create a mailing list, I kept the list of address in a BCC field, in an address book entry on my computer. There's no way for anyone besides me to mail everyone. If mail bounces it just comes back to my address.
Why would anyone make a list that bounces all replies back to the entire list again? It doesn't say if this was the first time they tried using the list or not, but I would figure it if was set up to do that once, it would have done it before. I mean, addresses on my list are constantly falling out of service, and I'd hate for everyone else to get all the "could not deliver" notices and the like. I find it a little hard to believe that someone would set something up like that as an accident.
Re:This sounds like stupidity more than anything e (Score:1)
Re:This sounds like stupidity more than anything e (Score:1)
I manage such lists with majordomo, and the program works fairly well.
Yahoo Groups does this (which used to be OneList, which used to be...) as a service, as does several other portals. In addition, software packages often keep mailing lists for the users of said software, as a way of tracking bugs, asking newbie questions, etc.
In the case we are discussing, the security email list for the SuSE linux distribution was one of the ones hit by the email storm, due to a misconfiguration by the Singapore women's magazine list.
Babelfish rules! (Score:2, Funny)
When Drahtmuller contacted savoixmagazine.com's hosting company in the U.S., the situation slipped into the ridiculous as the hosting company tried to reply in Drahtmuller's native German language. "Even though we contacted them in English, they ran their response through Babelfish (translation software) so we couldn't understand what they were saying," he told ZDNet U.K. "In the end we blocked their servers from our mail exchanges. We did what we could but the problem still existed."
Re:Babelfish rules! (Score:2)
Re:Babelfish rules! (Score:2)
Read the article.
SuSE contacted Sa Voix Magazine's hosting company in the US. I would expect a US hosting company to use English.
Also, send emails to enquiries@savoixmagazine.com ... if we slashdot their mail servers, they might just decide to get a clue...
Offtopic: mod_rewrite - was Re:Babelfish rules! (Score:2)
rewrite
</IfModule>
This is a cool idea, but, if you do this, doesn't it make your machine the source of the request to www.microsoft.com?
Just curious.
Re:Babelfish rules! (Score:2)
Its funny reading slashdiot, a misconfigured mailing is "more spammers from korea, BLOCK THEM ALL!!".
Re:Babelfish rules! (Score:1)
Re:Babelfish rules! (Score:2)
The Oh person, this one nearly does not smile: When the Drahtmuller input contact with accepts to the company in E.E.U.U. savoixmagazine.com's, the situation slides in the laughable situation looks like recibimiento experiments the company answers in Drahtmuller. local German language " although we deliver them contact with use English, carries out his answer and Babelfish (software logic translation) we has not so been able to understand its what said, " we think ZDNet Reino unites " we which stops the mail in finally us exchanges its server. What were we us can but still exist this question "
List readers' fault (Score:3, Insightful)
Re:List readers' fault (Score:1)
Any solution that relies on lots of people doing the right thing is bound to fail.
Another nasty effect of spam... (Score:1)
Clearly it was spam (the UBE sort).. This magazine needs a little netiquette lesson, and a slap on the wrist.
Yes, it certainly is slimy.. It's bad that someone would subscribe an address to a mailing list (and then autoforward mail from the address), and it is also bad that list servers don't provide some protection against this [ie: automatically blocking mail they're bombed with]
Re:Another nasty effect of spam... (Score:2)
I think you're right that it was done intentionally. Assuming these mailing lists require new subs to confirm subscriptions, then someone who could receive mail at the magazine's address had to do the confirmation in order to get the loop going. If that's the case, I'd guess that it was an employee there who was pissed off at someone and who decided to do some damage. OTOH, if the mailing lists don't require confirmation, then anyone could have done it. All they'd have had to do was sub the magazine's address to the mailing list and vice versa.
Ahhh, memories of high school... (Score:2)
Anecdote (Score:4, Funny)
Epilogue: I wrote the VP of the company and expressed my concern that if they weren't competent enough to use email, how was I going to trust them with my money online. The VP sent me an apology and a $50 traveler check gift!
Re:Anecdote (Score:4, Insightful)
I have never been able to figure out why so many people pull this kind of crap. Obviously they were trying something new or different than usual. Otherwise the problem would have come up earlier.
This also happens occasionally with the phone company. For some reason, the retarded assholes will make some circuit change on a Friday evening, break something, and then go home for the day (and weekend). Why not do it on Tursday morning, or some other time that allows the nitwit that made the change to fix it immediately when the customer calls in a trouble ticket? (Because all the skilled telco employees were "downsized", and only the retards are left?)
Actually, this can apply to any situation where someone makes an important change or tries something new that might have a large, unexpected effect. How about replacing a bunch of ecommerce scripts just before going on vacation? (And did you verify that your "vacation" program is working correctly?) Or how about changing your BGP filters just before leaving for the night (any night)? Or how about something more mundane, like going on a long driving trip just after changing something important, like the water pump?
I believe that this really boils down to a single factor. Does the person in question really give a shit about the consequences of his or her actions? One could argue that this person is simply too stupid to realize the potential cost of failure, but I believe that anyone who cares about his or her job will take the time to KNOW, not hope. And this person should be prepared to deal with the unexpected, and have a "worst case" fallback plan.
Why do they screw things up on Friday? (Score:2)
Of the handful of retail locations open today, the one I had a chance to get to before they closed didn't have any replacements (Hmmm. I wonder why they ran out? Could it be they had a few other people bring theirs in, too?) - at least that were working. Since tech support (including the guy who told me to go to that store) works upstairs from that particular retail location, I pointed out this fact and asked if there were any spares up there.
After much discussion via AIM between Customer Service and Technical Support, a friendly soul emerged from upstairs with 'their test modem', which I gladly accepted, knowing that it would therefore be in good order, which is how I found out about this 'update' thing.
Since only half of their retail outlets are even open on Saturday (with abbreviated hours) and none on Sunday, it seems to me like Friday night is exactly the worst time to send out an 'update' with the potential of breaking something.
down boy, down! (Score:3, Interesting)
Downsizing can make anyone look retarded. When there are not enough people to do the work, the work does not get done.
Downsizing is only half the problem anyway. There are whole industries where the average age of engineers and craftsmen is around 50. Those companies have not hired waves of new people for 20 years or so, and fired many of those that were lucky enough to get on. Think that 60 year old overworked survivor really cares about training sucessors? Nope, they are looking for a package and will give the job to you the way they got it, learn as you burn. Many great mistakes will be repeated. I believe that this really boils down to a single factor. Does the person in question really give a shit about the consequences of his or her actions?
You are entitled to your opinion. Most normal people quit jobs where things are starting to fail. The lucky ones find good alternatives. The loyal ones get stuck with a job that much more difficult. How many years of your life are you willing to give up to hopeless causes? Everyone knows the general rules. Some are lucky enough to put the big changes off as good practice, sometimes the law, demands.
I feel awful for people who do real work at the telcos. Change sucks, and they are getting plenty of it. Imagine starting your career there before deregulation. Off you whent to serve the regulated monopoly and the public. You accepted low salaries in exchange for stability and pride of serving one of the best and cheapest telco services in the world. You also put up with the more inane political nonsense and tried to just do your job.
Re:Anecdote (Score:1)
I don't think I've ever used it. Maybe that means I should get out less, or something.
Re:Anecdote (Score:2)
I know a CS professor who promotes OSS at every turn.. She encourages the use of SourceForge and absolutely loves Linux.. She uses the Reply to All option everytime she responds to a note.. I guess it just proves that Linux is making progress on the clueless desktop user front!
Re:Anecdote (Score:1)
Just a thought.
cf. asynchrony-projects.com, May 2000 (Score:2)
These problems are easy to fix, but people make mistakes... personally I'm surprised the number of mistakes has been so limited thus far.
E-Mail Database (Score:3, Interesting)
Personally, I would like to see email merge with databases. With a good relational DB, it is easy to show users what's gone through the pipe and how many emails your company has sent to a client, etc.. You can integrate the email into your CRM, etc. You can also place constraints on the system that can prevent this type of mailing list abuse that generates so much unwanted garbage.
Working with pure email clients (sendmail, exchange, whatever) seems to be like trying to fit a round cat through a square hole. [rgreetings.com]
Re:E-Mail Database (Score:2)
Linux developers are clueless (Score:5, Funny)
Restrict to only Users on List? (Score:2)
Wasn't this 6 months ago? (Score:2)
The funny thing was that I'm not on any Suse email list or on savoixmagazine.
Perhaps it happenned again but missed me. I've been out of the loop a lot recently.
Re:Wasn't this 6 months ago? (Score:2)
> so one night.
Looking back in the mess that is my mail archives, I see this happened towards the end of the week of Saturday 30 November 2001. When a search thru NANAE did not turn up anything about savoixmagazine, I decided this was just another weirdness of the Innernet, & forgot about it.
> The funny thing was that I'm not on any Suse email list or on savoixmagazine.
One theory a couple of the folks caught up in it suggested was that somehow somebody at savoixmagazine got ahold of the Linux Counter Project mailing list & added this to the mail list in question.
FWIW, after experiencing this mess, I have a little more sympathy for the bewildered user who sends off an email ``Take me off this list." I inadvertently added to the spew before I saw the email from the folks at SuSe -- which was buried in dozens of emails with the subject lines of ``Urgent", ``You have been subscribed toSuSe-security", ``You have been unsubscribed from SuSe-security". You have to get your fingers burned at least once in order to remember to sit no them before trying to solve a problem.
Geoff
Babelfished! (Score:2, Funny)
Even though we contacted them in English, they ran their response through Babelfish (translation software) so we couldn't understand what they were saying
You've got to laugh. Rebecca Ore once told of her colleague trying to deal with some francophone Canadian sysadmins. "He just babelfished them until they gave up and started using English."
oh yeah, i created a loop (Score:5, Interesting)
Ok, no problem. Read the docs, slurp this list, check these buttons, viola. One of the cute little checkboxes was "Only allow owner to send list mail." Duh - I checked it. The guy sent his email (only about 200 list members) and we went home.
I came in the next morning to 20,000 emails just in the queue. That fucker sent our tens of thousands of emails overnight, because the send restrict wasn't working. There were a couple dead addresses on the list, and they of course bounced - and Xtramail politely returned those bounces to the entire list. Wash, rinse, repeat. If that place had had a real server and a real 'net connection, it could have sent millions of emails in that time. As it was, many people on the list were (quite justifiably) pissed.
So I called up whoever owned Xtramail at that time (Artisoft at that time, but a different company now - can you say, "hot potato?") and had a slightly polite shit fit. The guy flat-out refused to acknowledge it was a problem, until I made him go through the same steps on his local copy.
Crickets.
"Uh, looks like that option isn't working. I'll have to file a bug report." Then I spent another 45 minutes trying to get accounting to refund the $200 I'd given them for the support call.
They never did fix the bug, but I gave up my plans to have a graceful transition. I pulled that POS out the same day and installed another little NT mailer, quite a nice one, until I replaced the whole thing with a qmail FreeBSD box.
No moral to the story, really ('cept I should have been more paranoid, and tested the list more). But I bet more than a few readers have had that quick "oh shit" feeling as they saw the queue filling up.
Kinda like Apple... (Score:2, Funny)
I know, it's bad...
It happened with lawyers in my state... (Score:2)
Clueless lawyers.
Sharks (Score:3, Funny)
Even sharks are not that bad. They do sometimes bite each other in a feeding frenzy, but this is much less often than lawyers threatening to sue each other. I love this story. I'm going to send it to all the lawyer mailing lists I know of.
Cyber Terrorism? (Score:2)
If the internet in your state nearly collapsed, what's to keep this from being applied, maliciously, on a wider scale across a nation or the world?
Idea #1: Several e-mail worms exploited sending mail to all addresses in users' address books. The impact was rather dramatic. What if the e-mails were ALSO sent to mailing lists instead of just individual e-mail accounts?
Idea #2:Could a malicious user subscribe to a number of mailing lists, using different e-mail accounts, and then auto-forward all the accounts to each other? Maybe with a few auto-responders in the bunch? (Not sure of the specifics, here, but the idea is to get an e-mail that comes in, to automatically go back out to at least one, if not several, other accounts and/or mailing lists.)
Up until the time that the accounts are cross-forwarded, everything looks normal. Could even sign up these accounts with known spammers to get a good-sized stream of e-mail flowing.
At some point, just cross-forward / auto-respond / etc. the accounts and wait for the first e-mail to a mailing list to get the ball rolling. If enough lists are signed up, and accounts cross-forwarded... well, by the time it's figured out, there'd be so many people replying to the messages that the impact could be pretty massive.
Idea #3:Opt-in many large mailing lists to many known spammers.
These seem like obvious ideas to me, so I'm wondering if I'm missing something obvious? What's to kep these from happening?
This happens too often... (Score:4, Insightful)
You start receiving message from people that are asking "WTF" and then people replying to get out of the list and the gazillion "me too" posts and then the bitching following because they aren't putted out and receiving another million of people bitching at the last million emails...then a moderator jumps in, exmplain the situation, then you get another bunch of emails because people didn't read it, and it goes on until the moderator +M the list.
What's the mistake?
1. not taking the people for complete idiots
Not meant in a insulting way, but rather that taking for granted that people will understand X and Y and Z, it's not because they signed up for a beta, or whatever, that they are mature people or good with internet/communicating/netiquette. So if you take for granted that you will operate a bunch of monkeys for a start, you won't get this problem, and the more you see how the list is, the more slack you can cut off.
Basically it's like a server, if you open all access to everything, and cut after, it's hell with the users. If you start strick and cut some slack, it's always better (best example being the quota, people flood your drives, and blam!. the other way around is people manage their space, and welcome the added storage). This is a stretched example but the concept can apply to a mailing list when all the posts needs to be moderated (pain in the ass and you don't get instant feedback) versus when they go freely in the list, to people that KNOW they will receive the email and will react correctly.
2. The lack of experience at managing mailing list.
Just go to egroups and looks at all the flame/crap going around in some mailing lists... sometimes it goes out of control and gets ugly, a good moderator knows when to jump in and how to so nobody gets offended and people drop it willingly instead of being forced to.
3. Lack of technical expertise and lack of communication
Something lame, but if you setup a mailing list for your customers for example, and you don't know what the "digest versus individual email" mode does, and you don't even bother to check, (well this is a lame example again but you get the idea) well if you have an average 20 emails a day for lets say, update on a product or different security patches for different modules and some will concern everyone some won't but you send them anyways, maybe you should be sure of every switch you'll turn on on the mailing list software, and be sure to ask the customers over the phone if they'd like an email for every fixes or a batch in 1 email every day for example (or better, give them the option and explain it clearly).
And also, never forget that you are dealing with human being, this might sound stupid, but everyone here that ever ran a BBS, or a mailing list, knows what this means and the implications (flame, mistakes, etc).
Sometimes Mailing list are a good thing, most time, people tend to forget that FORUMS can do as much and even better (search, no need to give out email addresses, etc). A counter-example would be to issue security alerts, for this, email rules. You have to weight the for and against for the project you are working on, and if you are to be moderator, be sure you know exactly what you are dealing with, both the software and the target people, and setup with these previous raw guidelines in mind, and unless you make a big mistake, it should go fine.
My $0.02
Mail loops, and circle jerks (Score:5, Interesting)
This is my tiny war story.
I do some volunteer work as a sysadmin in our local Internet club (300 apartments sharing a 2Mbit, soon-to-be 4Mbit line). When we started however, we only had a 512Kbit line, so in our wisdom we configured our MTA (Qmail) to bounce mails above 20Mbyte in size. We also thought it would be a good idea, to use our inet-feed provider as a backup mail relay, so in case our servers were down, mail would queue up there, ready to be delivered, when we went online again.
But one of our users had set up his Outlook mail account on his work, to forward all mail to his mail account at our network. So far so good, but then, just before leaving work one day, he mailed his home account at our network a 300Mbyte attachment (splitted up in 10 30Mbytes parts).
This is what happenend then;
Qmail recieved each attachment, but didn't bounce them, until the entire mail was recieved.
To my knowlegde, Qmail then appended the right RFC error message header to the mail, and bounced it, headers, attachement and all.
But the mailserver on the other end (MS Exchange) didn't respect that, but instead it forwarded the bounced mail to our server again, while rewriting the headers and subject.
The two mailservers now bombarded each other with 30Mbyte mails, and since we had the slimmer pipe, we were losing the battle. (I believe that this scenario is called a "mail circle jerk").
It took some time, to straighten things out. Oh, and we discovered that the back up mail relay really did work, since it kicked into action, when we brought our mailserver up, and promptly tried to deliever a +Gigabyte of bounced and resend mail.
Lessons to be learned; mail qoutas can have nasty sideeffects, backup mail releays can be a double-edged sword when things turns nasty. Automatic forwarding is can be very nasty indeed. And finally; How does your MTA or MUA forwarding rules react to a RFC error messages?
Lessons learned: (Score:2)
Conclusion: use sendmail. Especially now, after your article taught every script kiddy and his dog how to efficiently "tease" Qmail admins...
Unavailable (Score:2)
I wonder if the author tried emailing webmaster@savoixmagazine.com [mailto].
This was predicted a loooonnnggg time ago. (Score:2, Interesting)
I actually wrote an article for the hacker community on this exact problem about a year ago. I hosted the article at myhometechie.com - which is my own web site. I also submitted the article to hackcanada, and 2600.com - which is the authority for hacking issues.
Well, despite my long trek and obvious dedication to showing up at 2600's conference, H2K, in July of 2000 - they didn't feel like printing my article ; and I definately did not want to test my theory.
Oh well. Their loss. This could have been averted if the problem of looping auto-repliers had become common knowledge.
You can find my article here [myhometechie.com].
Who owns savoix now? (Score:2, Funny)
Will the last h4x0r out of the savoixmagazine.com honeypot please shut down the server?
Thanks,
-Rothfuss
Dear Supreme Court... (Score:2, Funny)
Supreme Court of the United States
Washington, DC 20543
Dear Justices:
Please make it completely legal to spray gratuitous amounts of napalm on spammers.
Sincerely,
Ryan Bruels
Get some *real* software (Score:1)
LISTSERV started out on BITNET as freeware, shipped with full source, and ran on IBM VM mainframe systems. By the time the primary author decided to make it his full-time job in the early 1990s, it already had all sorts of facilities for auto-detecting mail loops and doing things like auto-banning loop senders and ran on a wide variety of systems, Unices included. Even today, LISTSERV is available free for smallish lists as long as there's no profit involved.
Don't wast your time on imitations (Majordomo, etc.), start using the program that inspired all the wannabes. An admin's time is too short to waste monitoring lists.
We used to do this on purpose (Score:2, Funny)
Invariably you'll send someone an email on a saturday and get an out of office autoreply. We'd find two people who had autoreplies, and fake-mail one of them with the from address of the other one.
Boom, instant loop that would bring down both mail servers in an hour. For added points, do it with 3 or 4 people at the same time (they almost always replied-all). For bonus round, do it with 2 or 3 customer support addresses (the ones that send out a form mail automatically)
Most auto replies these days are smart enough to detect a loop and avoid it.. but back then virtually none of them were.
Could you "bring down the internet" with this trick? No. Could you bring down a few mail servers? Yup.
Re:We used to do this on purpose (Score:1)
You can read this [slashdot.org] which I just submitted, for my own experience with Exchange and OOA.
MS Exchange 2000 "Out of the office agent" problem (Score:3, Informative)
One of the 'Features' we discovered in E2K, is that whenever one emails a mailing list and that some people on this list have activated the out of the office agent ("OOA"), a reply from each one of these people is generated, even though none of these recipients were in To: or CC: field in the first place. Microsoft has yet to produce a fix, if ever.
This is a devious method for finding out who's on vacation and who isn't, but the side effect (when one doesn't understand what's happening) is surprising to say the least, and all of this is unsollicited email (spam).
Some good pointers to the OOA debate:g 12543.html [ietf.org] g 12544.html [ietf.org]
A. http://www1.ietf.org/mail-archive/ietf/Current/ms
Q. http://www1.ietf.org/mail-archive/ietf/Current/ms
Unfortunately, there was no further follow-up on this last question.
Also, from http://www.slipstick.com/rules/autoreply.htm [slipstick.com] :
"If you are using OOA, be sure to keep a list of all the mailing lists you have subscribed to, so that you can either unsubscribe or change your list settings so that you receive no message from the list while you have OOA turned on. It's rude to send OOA messages to mailing lists."
From the above text, their workaround is to unsubscribe from any mailing lists you may be subscribed to when turning on the OOA. This doesn't scale when the company has got 30,000+ roaming workers making extensive use of the OOA, when each worker must unsubscribe/resubscribe to 10's of mailing lists each time (would _you_ do it ?).
Their sentence ``It's rude to send OOA messages to mailing lists.'' perfectly summarizes what this is all about, and how certain problems are generated in the first place.
I rest my case. Thank you for reading this far.
This was annoying. (Score:2)
Of course, people didn't respond well when I started blasting them for their idiocy.
Thank goodness KMail has Outlook-style filtering rules. I have a ruleset that's still left over from that fiasco. I had one lady from NYC that started spewing venom at me for spewing venom at someone who was sending the email. She's still in the ruleset.
Re:This was annoying. (Score:2)
Of course, people didn't respond well when I started blasting them for their idiocy.
Of course not, anti-spam zealots are beyond reason. If you question any premise, any measure, you're as bad as the spammer. Kinda reminds me of the current US administration.
Uber Security! Der Mann Ja! (Score:2, Funny)
Trabule, Vhat Trabule Vee are in?
Der Dreded Spam LOOP!
Der Dreded Spam LOOP? Vas is Das? Dreded Spam LOOP.
Der Dreded Spam LOOP is making der Mobius Loop look like a kindergarten loolipop
Spam! Endless Spam! Der Endless Nacht has begun Und Vee are DOOMED!
Is der no one, no one who can save us from dis Spam monster?
There is one. ONE. Der is ONE WITH THE FORCE! VEE MUST CALL OUT TO HIM.
ROMAN, ROMAN DRATHMULLER SECURITY UBER GEEK VEE CALL OUT TO YOU IN OUR TIME OF NEED
Roman Drathmuller? He ist gut?
Nein, nicht gut, ROMAN DRATHMULLER IST BAAAAAAAD! JA
Dat sound. He is coming vit der russling sound of newpapers wind blown in der streets of Brazil, ust like Robert De Niro.
I am herring yer call ja und herr I am
Roman, Roman Drathmuller you have come in ust der nich of time. It is der Dreded Spam LOOP. Der Headless Harassment of der Net Vorld.
O Dis is nich gut it has grown too powerful. It is now der Spam Borlag! Der is only von vay vee must BLACK HOLE DER MAILING LIST UND SEND DIS MONSTER BACK TO DER HELL THAT SPAWNED IT!
Der Mailing List it grows ever darker, svirling, svirling into darkness
IT is dying ja dying, Roman, Roman Darthmuller you have saved us!
IT IS DONE! It vill bother you no more
Y2K mailing list meltdown (Score:2)
Needless to say there was a tremendous amount of traffic, and a tremendous amount of whining because many of the readers where Very Important People (in their own mind) who didn't have time for this nonsense.
Someone eventually found the culrprit's coworker's phone number and got the vacation program turned off. Everyone breathed an aggrieved sigh of release...
... until I pointed out that this was a good exercise in what Y2K may be like. Even if 99% of the systems ride through it without problems, a single 1% that failed could flood email channels, or take out local phone systems, etc. The self-annointed VIPs got real quiet about then - these were mostly non-technical managers who had been shielded from technology gone bad in the past.
My mail loops getting my hub running with Exim (Score:2)
Lusopeople? (Score:2)
At any rate, the torrent seems to have abated; perhaps it's over now.
People and their innapropriate use of TO and CC: (Score:4, Funny)
Recently, my cousin was one of these abusers, and, being family, was totally fair game for some retribution. He was about 6 weeks away from leaving his job to go back to school, so he emailed his hotmail account a message, and CC'd that message to EVERYONE in his contact list at work, all so it was easier for him to import their addresses into Hotmail. There were over 350 people in this list. If this wasn't bad enough, he mis-spelled his hotmail address on the first message he sent out so he sent a SECOND message.
Well, that was the final straw.
Now, little known to Steve, me, being somewhat of a techie, had acquired his SteveLastname.com domain name as an upcoming birthday present. I proceded to send out an email to EVERYONE on his CC list, pointing out the totally innapropriate way in which Steve had used his email, and made a general call for embarrassing pics, stories, etc., that we could use to shame him.
Well, within 2 minutes, his dad sent in a Christmas pic of Steve when he was 7, his brother sent in his 1st date pic, and friends from work sent in pics and stories from the bar, etc. Each time something new came in, it was put up on his site and the email list was notified. It's interesting to note that the opt-out was included in the first response, and at the end of the day, only 2 guys had done so.
Now, let me fill you in a little bit on the scope of this little prank. You see, Steve was working at the largest investment bank in Canada, and probably 80% of the people on the list were his fellow workers. Well, word spread. Within an hour of the first notification, the site had been hit almost 1,000 times. At the end of a fun, 4 day run, the site had been hit almost 60,000 times (page views). To top it off, the top execs at the company (CEO, CTO, CIO, etc.) all made a field trip at the end of one of their exec meetings to come down and say good-bye to Steve in person. Now, Steve was a little terrified over this attention from the execs, but it was nicely relieved when they proceded to hand him a letter of reccommendation signed by all of them and they all had a good laugh about it.
All in all, it was pretty fun, and Steve was a good sport, but at the end of the day, email abusers still piss me off!
Re:Please.... (Score:1)
Re:Is this a problem with windows? (Score:2)
I run a few lists and every once in awhile I get a looped message, but you know, it usually only spins about once and never finished the second circuit before being chopped off and dropped into the hands of the postmaster.