Received-SPF: neutral (google.com: 209.85.220.41 is neither permitted nor denied by best guess record for domain of gbnewby@petascale.org) client-ip=209.85.220.41;
MIME-Version: 1.0
References: <CANLuyJYsCWbJBv-vfw7Q+eE1AeKrdLX31-AS20qb2vxQ_EEOYA@mail.gmail.com>
 <CABA1gGKtFOtU9ZX5m8Hkb9E+9CDoya8e_8VvywRH_fgJXB8Dkg@mail.gmail.com>
In-Reply-To: <CABA1gGKtFOtU9ZX5m8Hkb9E+9CDoya8e_8VvywRH_fgJXB8Dkg@mail.gmail.com>
From: Greg Newby <gbnewby@petascale.org>
Date: Sun, 17 Sep 2023 07:43:51 -0700
Message-ID: <CANLuyJbq76aoo9Evt1h5i5rdX91Ouuyf1UJ8cYGD8Z8uvQM3vw@mail.gmail.com>
Subject: Re: Your messages to cypherpunks
To: mailbombbin <mailbombbin@gmail.com>
Cc: Karl Semich <gmkarl@gmail.com>, Greg Newby <gbnewby@pglaf.org>
Content-Type: multipart/alternative; boundary="0000000000008cec7f06058f0eb2"

--0000000000008cec7f06058f0eb2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Karl. Thanks for your note.

There are indeed two problems. I spent several hours yesterday going
through logs and making a few adjustments to the settings on the server, so
I think I have a reasonable understanding of the situation.

For the messages that YOU send, there is definitely a problem. There are
thousands of bounces still in the queue from cypherpunks subscribers where
the email system they use, like gmail or yahoo, started rejecting message
from you saying that too many messages have been sent.

This is rate limiting by the email services. It's not just gmail and yahoo
that do this.

The end result is that your messages are not delivered immediately to
subscribers. Sometimes they bounce permanently (i.e., will never be
delivered) and other times it's a temporary issue until, after a quiet
period of at least a few hours, the messages are accepted again.

Here is the first part of an example log message that lists around 100
gmail users:
D34D811C0238   11973 Sat Sep 16 21:07:34
cypherpunks-bounces@lists.cpunks.org
(host alt1.gmail-smtp-in.l.google.com[209.85.202.27] said: 421-4.7.28
[69.55.231.143      15] Our system has detected an unusual rate of
421-4.7.28 unsolicited mail originating from your IP address. To protect
our 421-4.7.28 users from spam, mail sent from your IP address has been
temporarily 421-4.7.28 rate limited. Please visit 421-4.7.28
https://support.google.com/mail/?p=3DUnsolicitedRateLimitError to 421 4.7.2=
8
review our Bulk Email Senders Guidelines.
n18-20020a5d4012000000b003200b1e9219si887019wrp.921 - gsmtp (in reply to
end of DATA command))

Unfortunately this doesn't just impact messages from you. Any message from
the server to those services is held or bounced.

Because cypherpunks isn't the only service on my server, this means that
some of the other activities are impacted. This includes one of my key
volunteers for Project Gutenberg who utilizes a yahoo.com email address --
my messages to him were rejected, even though he has nothing to do with
cypherpunks and it was even from a different hostname (lists.pglaf.org not
lists.cpunks.org, but they are both hosted on the same system).


I hope this longish explanation explains why the frequency of your messages
creates a big problem for the cypherpunks list, why many subscribers will
never see your messages, and why it creates indigestion for other stuff the
server needs to do.


The second problem is that someone has targeted you for the unsubscription
mail bombs. I spent awhile trying to mitigate this, and the only immediate
solution would be to remove you from the cypherpunks subscriber list and
let you subscribe from another address.

Luckily those messages seem to have stopped for now. Yesterday, for perhaps
12 hours, around one password reset per second was being sent. This
resulted in a backlog of over 30000 (!) messages that were clogging up my
server, but could not be delivered to you because of gmail rate limiting.
So, you would have gotten a whole lot more of those messages if I hadn't
deleted them all.

The attack was distributed. Each request came from a different IP address -
I counted over 200,000 of these. I'm not sure how many you got before I
deleted 30,000 and it seems the attack stopped early in the evening
Saturday night (maybe by 6pm PDT). If it hasn't stopped entirely, it is
definitely a lot less frequent now. I could take a closer look at the
logfiles if it might be helpful.

If the attack was from a single IP address or group of IP addresses I could
block them easily enough. But they came from a different address every time=
.

Clearly someone got on the dark web and hired a botnet army to send all of
these password reset requests against you.

So, that is also a problem because it also caused gmail (your mail service)
to start rejecting messages to anyone.


I'm going to be outside for the next 8-10 hours, and will see any messages
from you when I return. Thanks for your understanding about this. As I
tried to say below, I'm not trying to censor your messages. But the
frequency of messages should decrease to avoid the first type of problem
above, and this can be done by you sending fewer longer messages rather
than many short messages.

Best regards,
  Greg


On Sun, Sep 17, 2023 at 7:24=E2=80=AFAM mailbombbin <mailbombbin@gmail.com>=
 wrote:

> Greg thank you for messaging me about this.
>
> So you know, I have been receiving high-frequency mailbombs sent via
> the list, in the form of password recovery requests and removal
> requests. I have tens of thousands of these filtered on this address,
> and they delay the delivery and receipt of mails for me. They come
> reliably, many per hour.
>
> Is it possible this is the source of the clog on the list, rather than
> my sporadic posts?
>

--0000000000008cec7f06058f0eb2
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hi Karl. Thanks for your note.</div><div><br></div><d=
iv>There are indeed two problems. I spent several hours yesterday going thr=
ough logs and making a few adjustments to the settings on the server, so I =
think I have a reasonable understanding of the situation.</div><div><br></d=
iv><div>For the messages that YOU send, there is definitely a problem. Ther=
e are thousands of bounces still in the queue from cypherpunks subscribers =
where the email system they use, like gmail or yahoo, started rejecting mes=
sage from you saying that too many messages have been sent.</div><div><br><=
/div><div>This is rate limiting by the email services. It&#39;s not just gm=
ail and yahoo that do this.</div><div><br></div><div>The end result is that=
 your messages are not delivered immediately to subscribers. Sometimes they=
 bounce permanently (i.e., will never be delivered) and other times it&#39;=
s a temporary issue until, after a quiet period of at least a few hours, th=
e messages are accepted again.</div><div><br></div><div>Here is the first p=
art of an example log message that lists around 100 gmail users:</div><div>=
D34D811C0238 =C2=A0 11973 Sat Sep 16 21:07:34 =C2=A0<a href=3D"mailto:cyphe=
rpunks-bounces@lists.cpunks.org">cypherpunks-bounces@lists.cpunks.org</a><b=
r>(host <a href=3D"http://alt1.gmail-smtp-in.l.google.com">alt1.gmail-smtp-=
in.l.google.com</a>[209.85.202.27] said: 421-4.7.28 [69.55.231.143 =C2=A0 =
=C2=A0 =C2=A015] Our system has detected an unusual rate of 421-4.7.28 unso=
licited mail originating from your IP address. To protect our 421-4.7.28 us=
ers from spam, mail sent from your IP address has been temporarily 421-4.7.=
28 rate limited. Please visit 421-4.7.28 =C2=A0<a href=3D"https://support.g=
oogle.com/mail/?p=3DUnsolicitedRateLimitError">https://support.google.com/m=
ail/?p=3DUnsolicitedRateLimitError</a> to 421 4.7.28 review our Bulk Email =
Senders Guidelines. n18-20020a5d4012000000b003200b1e9219si887019wrp.921 - g=
smtp (in reply to end of DATA command))</div><div><br></div><div>Unfortunat=
ely this doesn&#39;t just impact messages from you. Any message from the se=
rver to those services is held or bounced.</div><div><br></div><div>Because=
 cypherpunks isn&#39;t the only service on my server, this means that some =
of the other activities are impacted. This includes one of my key volunteer=
s for Project Gutenberg who utilizes a <a href=3D"http://yahoo.com">yahoo.c=
om</a> email address -- my messages to him were rejected, even though he ha=
s nothing to do with cypherpunks and it was even from a different hostname =
(<a href=3D"http://lists.pglaf.org">lists.pglaf.org</a> not <a href=3D"http=
://lists.cpunks.org">lists.cpunks.org</a>, but they are both hosted on the =
same system).</div><div><br></div><div><br></div><div>I hope this longish e=
xplanation explains why the frequency of your messages creates a big proble=
m for the cypherpunks list, why many subscribers will never see your messag=
es, and why it creates indigestion for other stuff the server needs to do.<=
/div><div><br></div><div><br></div><div>The second problem is that someone =
has targeted you for the unsubscription mail bombs. I spent awhile trying t=
o mitigate this, and the only immediate solution would be to remove you fro=
m the cypherpunks subscriber list and let you subscribe from another addres=
s. <br></div><div><br></div><div>Luckily those messages seem to have stoppe=
d for now. Yesterday, for perhaps 12 hours, around one password reset per s=
econd was being sent. This resulted in a backlog of over 30000 (!) messages=
 that were clogging up my server, but could not be delivered to you because=
 of gmail rate limiting. So, you would have gotten a whole lot more of thos=
e messages if I hadn&#39;t deleted them all.</div><div><br></div><div>The a=
ttack was distributed. Each request came from a different IP address - I co=
unted over 200,000 of these. I&#39;m not sure how many you got before I del=
eted 30,000 and it seems the attack stopped early in the evening Saturday n=
ight (maybe by 6pm PDT). If it hasn&#39;t stopped entirely, it is definitel=
y a lot less frequent now. I could take a closer look at the logfiles if it=
 might be helpful.<br></div><div><br></div><div>If the attack was from a si=
ngle IP address or group of IP addresses I could block them easily enough. =
But they came from a different address every time.</div><div><br></div><div=
>Clearly someone got on the dark web and hired a botnet army to send all of=
 these password reset requests against you.</div><div><br></div><div>So, th=
at is also a problem because it also caused gmail (your mail service) to st=
art rejecting messages to anyone. <br></div><div><br></div><div><br></div><=
div>I&#39;m going to be outside for the next 8-10 hours, and will see any m=
essages from you when I return. Thanks for your understanding about this. A=
s I tried to say below, I&#39;m not trying to censor your messages. But the=
 frequency of messages should decrease to avoid the first type of problem a=
bove, and this can be done by you sending fewer longer messages rather than=
 many short messages.</div><div><br></div><div>Best regards,</div><div>=C2=
=A0 Greg</div><div>=C2=A0<br></div></div><br><div class=3D"gmail_quote"><di=
v dir=3D"ltr" class=3D"gmail_attr">On Sun, Sep 17, 2023 at 7:24=E2=80=AFAM =
mailbombbin &lt;<a href=3D"mailto:mailbombbin@gmail.com">mailbombbin@gmail.=
com</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"marg=
in:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1e=
x">Greg thank you for messaging me about this.<br>
<br>
So you know, I have been receiving high-frequency mailbombs sent via<br>
the list, in the form of password recovery requests and removal<br>
requests. I have tens of thousands of these filtered on this address,<br>
and they delay the delivery and receipt of mails for me. They come<br>
reliably, many per hour.<br>
<br>
Is it possible this is the source of the clog on the list, rather than<br>
my sporadic posts?<br>
</blockquote></div>

--0000000000008cec7f06058f0eb2--