Connection from sourceforge after mailing to list

older
fou4s - Fast OnlineUpdate for SuSE...

GertJan Spoelman

17 May 2002 17 May '02

17:54

Hello list, Does anyone know why sourceforge is doing this everytime I send something to this list? May 17 19:29:13 mail sendmail[576]: NOQUEUE: connect from usw-sf-fw2.sourceforge.net [216.136.171.252] May 17 19:29:13 mail sendmail[576]: g4HHTDY00576: --> 220 mail.gjs.cc ESMTP Sendmail 8.11.3/8.11.3/SuSE Linux 8.11.1-0.5; Fri, 17 May 2002 19:29:13 +0200 May 17 19:29:13 mail sendmail[576]: g4HHTDY00576: <-- HELO usw-sf-list1.sourceforge.net May 17 19:29:13 mail sendmail[576]: g4HHTDY00576: --> 250 mail.gjs.cc Hello usw-sf-fw2.sourceforge.net [216.136.171.252], pleased to meet you May 17 19:29:13 mail sendmail[576]: g4HHTDY00576: <-- MAIL FROM:<> May 17 19:29:13 mail sendmail[577]: g4HHTDY00577: --> 250 2.1.0 <>... Sender ok May 17 19:29:13 mail sendmail[577]: g4HHTDY00577: <-- RCPT TO: May 17 19:29:13 mail sendmail[577]: g4HHTDY00577: --> 250 2.1.5 ... Recipient ok May 17 19:29:13 mail sendmail[577]: g4HHTDY00577: <-- RSET May 17 19:29:13 mail sendmail[577]: g4HHTDY00577: --> 250 2.0.0 Reset state May 17 19:29:13 mail sendmail[577]: g4HHTDY00577: from=<>, size=0, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=usw-sf-fw2.sourceforge.net [216.136.171.252] May 17 19:29:14 mail sendmail[576]: g4HHTDY00576: <-- MAIL FROM:<> May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: --> 250 2.1.0 <>... Sender ok May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: <-- RCPT TO: May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: --> 250 2.1.5 ... Recipient ok May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: <-- QUIT May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: --> 221 2.0.0 mail.gjs.cc closing connection May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: from=<>, size=0, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=usw-sf-fw2.sourceforge.net [216.136.171.252] -- GertJan

Show replies by date

Togan Muftuoglu

17 May 17 May

18:39

New subject: [suse-security] Connection from sourceforge after mailing to list

* GertJan Spoelman; on 17 May, 2002 wrote:

...

Hello list,

Does anyone know why sourceforge is doing this everytime I send something to this list?

May 17 19:29:14 mail sendmail[576]: g4HHTDY00576: <-- MAIL FROM:<> May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: --> 250 2.1.0 <>... Sender ok May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: <-- RCPT TO: May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: --> 250 2.1.5 ... Recipient ok May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: <-- QUIT May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: --> 221 2.0.0 mail.gjs.cc closing connection May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: from=<>, size=0, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=usw-sf-fw2.sourceforge.net [216.136.171.252]

822 section 6.3 (which you have to abide by if you send and receive Email) states that you are required to have a postmaster mailbox that is routed to the person responsible for mail (http://www.rfc822.com/). -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

Andreas Amann

22:59

New subject: [suse-security] Connection from sourceforge after mailing to list

On Fri, 17 May 2002, GertJan Spoelman wrote:

...

Hello list,

Does anyone know why sourceforge is doing this everytime I send something to this list?

May 17 19:29:13 mail sendmail[576]: NOQUEUE: connect from usw-sf-fw2.sourceforge.net [216.136.171.252] May 17 19:29:13 mail sendmail[576]: g4HHTDY00576: --> 220 mail.gjs.cc ESMTP Sendmail 8.11.3/8.11.3/SuSE Linux 8.11.1-0.5; Fri, 17 May 2002 19:29:13 +0200 May 17 19:29:13 mail sendmail[576]: g4HHTDY00576: <-- HELO usw-sf-list1.sourceforge.net May 17 19:29:13 mail sendmail[576]: g4HHTDY00576: --> 250 mail.gjs.cc Hello usw-sf-fw2.sourceforge.net [216.136.171.252], pleased to meet you May 17 19:29:13 mail sendmail[576]: g4HHTDY00576: <-- MAIL FROM:<> May 17 19:29:13 mail sendmail[577]: g4HHTDY00577: --> 250 2.1.0 <>... Sender ok May 17 19:29:13 mail sendmail[577]: g4HHTDY00577: <-- RCPT TO: May 17 19:29:13 mail sendmail[577]: g4HHTDY00577: --> 250 2.1.5 ... Recipient ok May 17 19:29:13 mail sendmail[577]: g4HHTDY00577: <-- RSET May 17 19:29:13 mail sendmail[577]: g4HHTDY00577: --> 250 2.0.0 Reset state May 17 19:29:13 mail sendmail[577]: g4HHTDY00577: from=<>, size=0, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=usw-sf-fw2.sourceforge.net [216.136.171.252] May 17 19:29:14 mail sendmail[576]: g4HHTDY00576: <-- MAIL FROM:<> May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: --> 250 2.1.0 <>... Sender ok May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: <-- RCPT TO: May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: --> 250 2.1.5 ... Recipient ok May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: <-- QUIT May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: --> 221 2.0.0 mail.gjs.cc closing connection May 17 19:29:14 mail sendmail[578]: g4HHTEY00578: from=<>, size=0, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=usw-sf-fw2.sourceforge.net [216.136.171.252]

Could be an Exim daemon that is trying to verify your email address. -- Best regards / Mit freundlichen Gruessen, Andreas Amann < andreas.amann@epost.de >

Graham Murray

18 May 18 May

08:42

New subject: [suse-security] Connection from sourceforge after mailing to list

Andreas Amann writes:

...

Could be an Exim daemon that is trying to verify your email address.

Yet many (probably the vast majority of) people do not run an SMTP server which allows incoming connections as email comes via ISPs and POP3. The one is SuSE 8.0 does not listen on external interfaces out of the box - you have to enable it if you want, which is a good security measure.

Andreas Amann

12:48

New subject: [suse-security] Connection from sourceforge after mailing to list

On Sat, 18 May 2002, Graham Murray wrote:

...

Andreas Amann writes:

...
Could be an Exim daemon that is trying to verify your email address.

Yet many (probably the vast majority of) people do not run an SMTP server which allows incoming connections as email comes via ISPs and POP3. The one is SuSE 8.0 does not listen on external interfaces out of the box - you have to enable it if you want, which is a good security measure.

Well, true and i probably miss your point here, but it seems sourceforge is running an exim mailer that is configured to do what the exim folks call an "callout". This callout does exactly what GertJan asked for. I am not experienced with exim, so please do not ask me for details. I just did a small lookup in the exim-documentation and telnet'd to that host because somebody told me about this 'feature' some while ago. (reference: Exim-Specification, ch. 37.10, www.exim.org) -- Best regards / Mit freundlichen Gruessen, Andreas Amann < andreas.amann@epost.de >

GertJan Spoelman

15:24

New subject: [suse-security] Connection from sourceforge after mailing to list

On Saturday 18 May 2002 14:48, Andreas Amann wrote:

...

On Sat, 18 May 2002, Graham Murray wrote:

...
Andreas Amann writes:

...
Could be an Exim daemon that is trying to verify your email address.

Yes, but why is it coming from sourceforge, if someserver.suse.com would do this I would not have asked it.

...

...
Yet many (probably the vast majority of) people do not run an SMTP server which allows incoming connections as email comes via ISPs and POP3. The one is SuSE 8.0 does not listen on external interfaces out of the box - you have to enable it if you want, which is a good security measure.

I have my own domain and run a mailserver on it.

...

Well, true and i probably miss your point here, but it seems sourceforge is running an exim mailer that is configured to do what the exim folks call an "callout". This callout does exactly what GertJan asked for. I am not experienced with exim, so please do not ask me for details. I just did a small lookup in the exim-documentation and telnet'd to that host because somebody told me about this 'feature' some while ago. (reference: Exim-Specification, ch. 37.10, www.exim.org)

O.K. so it's probably a callout from sourceforge.net, because someone (probably Togun) with a sourceforge address is subscribed to the list. See also the answer from Togun below, although he didn't explain why sourceforge is doing this when I send something to the list, I'm not the one who is sending it to sourceforge. Also I fail to see the purpose of this check, for example I could send mail to a sourceforge address with from: valid address_adress@yahoo.com, then it's probably going to check the yahoo.com mailserver although the mail is not coming from there. On Friday 17 May 2002 20:39, Togan Muftuoglu wrote:

...

822 section 6.3 (which you have to abide by if you send and receive Email) states that you are required to have a postmaster mailbox that is routed to the person responsible for mail (http://www.rfc822.com/).

Yes, but I'm not the one who is sending the mail to sourceforge, suselist does that. Imagine every mailserver is going to do this and there are a 1000 subscribers to a list, then if you sent a message to the list you immediatly get 1000 connections to your mailserver, I don't think thats how it's supposed to work. So either the check is broken or my assumption is wrong. -- GertJan

andre

19 May 19 May

08:55

New subject: [suse-security] Connection from sourceforge after mailing to list

...

Yes, but I'm not the one who is sending the mail to sourceforge, suselist does that. Imagine every mailserver is going to do this and there are a 1000 subscribers to a list, then if you sent a message to the list you immediatly get 1000 connections to your mailserver, I don't think thats how it's supposed to work. So either the check is broken or my assumption is wrong.

maybe someone is compiling a list of RFC822 compliant mailservers ? <OT> I've been wondering of late if the internet isn't working the wrong way around, maybe ordb.org should rather have a list of servers that one can safely accept mail from instead of blocking ip's that keep changing anyway ? (this will give people who wish to receive mail from compliant and non relay mail servers the option of doing so, or not...) currently we are chasing our own tails with open-relay and other checks, and there just are so many non rfc compliant mail servers out there... just a thought </OT> andre

Roger C Haslock

09:20

New subject: OT, Was Re: [suse-security] Connection from sourceforge after mailing to list

Can we have mail servers which will only forward signed mail? If the readers only accept recognised signatures, it will limit a lot of rubbish. Admittedly, this will put more load on the keyservers, but it sounds worth it. - Roger - ----- Original Message ----- From: "andre" Cc: "SuSE Security" ; Sent: Sunday, May 19, 2002 9:55 AM Subject: Re: [suse-security] Connection from sourceforge after mailing to list

...

...
Yes, but I'm not the one who is sending the mail to sourceforge, suselist does that. Imagine every mailserver is going to do this and there are a 1000 subscribers to a list, then if you sent a message to the list you immediatly get 1000 connections to your mailserver, I don't think thats how it's supposed to work. So either the check is broken or my assumption is wrong.

maybe someone is compiling a list of RFC822 compliant mailservers ?

<OT> I've been wondering of late if the internet isn't working the wrong way around, maybe ordb.org should rather have a list of servers that one can safely accept mail from instead of blocking ip's that keep changing anyway ? (this will give people who wish to receive mail from compliant and non relay mail servers the option of doing so, or not...) currently we are chasing our own tails with open-relay and other checks, and there just are so many non rfc compliant mail servers out there...

just a thought </OT>

andre

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Andreas Amann

14:06

New subject: [suse-security] Connection from sourceforge after mailing to list

On Sat, 18 May 2002, GertJan Spoelman wrote:

...

...
...
...
Could be an Exim daemon that is trying to verify your email address.

Yes, but why is it coming from sourceforge, if someserver.suse.com would do this I would not have asked it.

Maybe it is an attempt to protect sourceforge users from those mails with different envelope- and message From: headers. Hits a lot of spam but also mailing-lists. But that is just a guess. You could try to ask the sourceforge postmasters, but i doubt they will answer.

...

Imagine every mailserver is going to do this and there are a 1000 subscribers to a list, then if you sent a message to the list you immediatly get 1000 connections to your mailserver, I don't think thats how it's supposed to work. So either the check is broken or my assumption is wrong.

I agree that this kind of check is probably not very polite. The Exim folks also state the following: "This facility [callout] should be used with care, because it adds a lot of resource usage to the cost of verifying an address." (Exim Spec, ch 37.10). Fortunately not every host runs exim with those verifying rules activated. -- Best regards / Mit freundlichen Gruessen, Andreas Amann < andreas.amann@epost.de >

GertJan Spoelman

20 May 20 May

13:53

New subject: [suse-security] Connection from sourceforge after mailing to list

On Sunday 19 May 2002 16:06, Andreas Amann wrote:

...

On Sat, 18 May 2002, GertJan Spoelman wrote:

...

...
Yes, but why is it coming from sourceforge, if someserver.suse.com would do this I would not have asked it.

Maybe it is an attempt to protect sourceforge users from those mails with different envelope- and message From: headers. Hits a lot of spam but also mailing-lists. But that is just a guess. You could try to ask the sourceforge postmasters, but i doubt they will answer.

For now I have put them in my sendmail access file and they get a nice 550 error when they try it again, so far I still can send messages to the list.

...

...
Imagine every mailserver is going to do this and there are a 1000 subscribers to a list, then if you sent a message to the list you immediatly get 1000 connections to your mailserver, I don't think thats how it's supposed to work. So either the check is broken or my assumption is wrong.

I agree that this kind of check is probably not very polite. The Exim folks also state the following: "This facility [callout] should be used with care, because it adds a lot of resource usage to the cost of verifying an address." (Exim Spec, ch 37.10).

Fortunately not every host runs exim with those verifying rules activated.

Yes, although I would not mind if a server does this when I actually mail directly to that server, but in this case I don't think it's a valid check. -- GertJan

Peter Wiersig

18 May 18 May

13:42

New subject: [suse-security] Connection from sourceforge after mailing to list

Graham Murray wrote:

...

Yet many (probably the vast majority of) people do not run an SMTP server which allows incoming connections as email comes via ISPs and POP3.

AFIAK they check your mailaddress, not your host for reception of mails, so that no ISP customer has to open his smtp-port even when sending mails to sourceforge. Peter

8014

Age (days ago)

8017

Last active (days ago)

List overview

Download

10 comments

7 participants

participants (7)

andre
Andreas Amann
GertJan Spoelman
Graham Murray
Peter Wiersig
Roger C Haslock
Togan Muftuoglu