Sorry if those show up a few times. I was dicking around and ran it without realizing it was sending email!
On Jul 13, 2019, at 9:44 PM, Punk <punk@tfwno.gf> wrote:
This is a quick and dirty test of impersonating Juan using my own cock.li account to connect but fudging the headers (it's just a few lines of perl wrapped around an openssl command).
Did it work?
John jnn@synfin.org
And it didn't work very well in any case, the first line in the headers is
Return-Path: <nixen@cock.li>
.. which is my cock.li account :P
I will now stop abusing the mail system tonight.
John
On Sat, Jul 13, 2019 at 09:53:19PM -0500, John Newman wrote:
Sorry if those show up a few times. I was dicking around and ran it without realizing it was sending email!
On Jul 13, 2019, at 9:44 PM, Punk <punk@tfwno.gf> wrote:
This is a quick and dirty test of impersonating Juan using my own cock.li account to connect but fudging the headers (it's just a few lines of perl wrapped around an openssl command).
Did it work?
John jnn@synfin.org
-- GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7
On Sat, 13 Jul 2019 22:57:11 -0400 John Newman <jnn@synfin.org> wrote:
And it didn't work very well in any case, the first line in the headers is
Return-Path: <nixen@cock.li>
.. which is my cock.li account :P
I will now stop abusing the mail system tonight.
so either somebody 'guessed' my random password, or somebody at cock.li is playing games. If it's Vince, then Hi Vince! and thanks for the service(not including impersonation)
On 07/14/2019 02:19 PM, Punk wrote:
On Sat, 13 Jul 2019 22:57:11 -0400 John Newman <jnn@synfin.org> wrote:
And it didn't work very well in any case, the first line in the headers is
Return-Path: <nixen@cock.li>
.. which is my cock.li account :P
I will now stop abusing the mail system tonight.
so either somebody 'guessed' my random password, or somebody at cock.li is playing games. If it's Vince, then Hi Vince! and thanks for the service(not including impersonation)
Now _that's_ funny. John didn't say that he compromised your CockMail account. He said that he just spoofed "headers". But maybe you ought to pretend that someone did successfully spoof this message ;)
On Sun, 14 Jul 2019 15:28:37 -0700 Mirimir <mirimir@riseup.net> wrote:
On 07/14/2019 02:19 PM, Punk wrote:
On Sat, 13 Jul 2019 22:57:11 -0400 John Newman <jnn@synfin.org> wrote:
And it didn't work very well in any case, the first line in the headers is
Return-Path: <nixen@cock.li>
.. which is my cock.li account :P
I will now stop abusing the mail system tonight.
so either somebody 'guessed' my random password, or somebody at cock.li is playing games. If it's Vince, then Hi Vince! and thanks for the service(not including impersonation)
Now _that's_ funny.
John didn't say that he compromised your CockMail account.
Right. And I never suggested or implied he did. So what are *you* suggesting?
He said that he just spoofed "headers".
Right. I never said or implied that he did anything else. I assumed that cock.li allowed spoofed headers, he tested it. So what are you on about?
But maybe you ought to pretend that someone did successfully spoof this message ;)
are you drunk?
On 07/14/2019 03:36 PM, Punk wrote:
On Sun, 14 Jul 2019 15:28:37 -0700 Mirimir <mirimir@riseup.net> wrote:
On 07/14/2019 02:19 PM, Punk wrote:
On Sat, 13 Jul 2019 22:57:11 -0400 John Newman <jnn@synfin.org> wrote:
And it didn't work very well in any case, the first line in the headers is
Return-Path: <nixen@cock.li>
.. which is my cock.li account :P
I will now stop abusing the mail system tonight.
so either somebody 'guessed' my random password, or somebody at cock.li is playing games. If it's Vince, then Hi Vince! and thanks for the service(not including impersonation)
Now _that's_ funny.
John didn't say that he compromised your CockMail account.
Right. And I never suggested or implied he did. So what are *you* suggesting?
He said that he just spoofed "headers".
Right. I never said or implied that he did anything else. I assumed that cock.li allowed spoofed headers, he tested it. So what are you on about?
But maybe you ought to pretend that someone did successfully spoof this message ;)
are you drunk?
No, but are you blind? You said this:
so either somebody 'guessed' my random password, or somebody at cock.li is playing games. If it's Vince, then Hi Vince! and thanks for the service(not including impersonation)
It's not uncommon for email providers to allow spoofed headers.
On Sun, 14 Jul 2019 15:52:21 -0700 Mirimir <mirimir@riseup.net> wrote:
No, but are you blind?
right back at you - are you blind, retarded, high or what?
You said this:
so either somebody 'guessed' my random password, or somebody at cock.li is playing games. If it's Vince, then Hi Vince! and thanks for the service(not including impersonation)
yes, AND?
It's not uncommon for email providers to allow spoofed headers.
go read what John wrote. Then read my reply. And if you still don't get it, don't bother with further messages...
On 07/14/2019 04:02 PM, Punk wrote:
On Sun, 14 Jul 2019 15:52:21 -0700 Mirimir <mirimir@riseup.net> wrote:
No, but are you blind?
right back at you - are you blind, retarded, high or what?
You said this:
so either somebody 'guessed' my random password, or somebody at cock.li is playing games. If it's Vince, then Hi Vince! and thanks for the service(not including impersonation)
yes, AND?
It's not uncommon for email providers to allow spoofed headers.
go read what John wrote. Then read my reply. And if you still don't get it, don't bother with further messages...
You are such a jerk. Why would you speculate about someone "guessing" your password, or Vince "playing games", after John clearly said that he spoofed some header? You can bullshit all you want, but it was a dumb thing to say, and it makes you look like an idiot. And it makes me wonder whether he actually got it right, because I don't recall you being as idiotic as this ;)
On Sun, 14 Jul 2019 16:13:26 -0700 Mirimir <mirimir@riseup.net> wrote:
You are such a jerk.
Why would you speculate about someone "guessing" your password, or Vince "playing games", after John clearly said that he spoofed some header?
because spoofing headers DOESNT actually WORK!! Doesn't "work" in the sense of creating a message that looks authentic.
if you look at the headers of message 075590, which I didn't write, the headers look authentic :
https://lists.cpunks.org/pipermail/cypherpunks/2019-July/075590.html
John tried doing the same thing and failed because a random cock.li user can't spoof a header in a way that makes it look *authentic*. SO, if the header IS authentic or a 'perfect fake', then there are a few options
1) somebody has my password
2) or cock.li's admin himself sent the messages (both 1 and 2 as suggested by Shawn)
3) or I'm lying and no message was spoofed. So I first wrote a message saying that zerohedge is garbage and then I wrote a reply to my own message as if I were a different person, disagreeing with myself. Because I'm that retarded.
needless to say I KNOW option 3 is false, but you're free to believe in such 'conspiracy theory'.
You can bullshit all you want, but it was a dumb thing to say, and it makes you look like an idiot. And it makes me wonder whether he actually got it right, because I don't recall you being as idiotic as this ;)
So what about YOU misreading what I said? You're clearly misunderstanding something. I'm even willing to admit it's because of my less than perfect english...But hopefully NOW you got it.
On 07/14/2019 05:04 PM, Punk wrote:
On Sun, 14 Jul 2019 16:13:26 -0700 Mirimir <mirimir@riseup.net> wrote:
You are such a jerk.
Why would you speculate about someone "guessing" your password, or Vince "playing games", after John clearly said that he spoofed some header?
because spoofing headers DOESNT actually WORK!! Doesn't "work" in the sense of creating a message that looks authentic.
if you look at the headers of message 075590, which I didn't write, the headers look authentic :
https://lists.cpunks.org/pipermail/cypherpunks/2019-July/075590.html
OK, I get it. Sorry to be such a jerk. I hadn't read the earlier posts about spoofed messages from your CockMail account. And I thought that you were referring to John's message that you replied to, not this other message, "Boomerhedge - Boomer Propaganda Cesspool".
But seriously, that one is even less well spoofed.
| From: Punk <punk@tfwno.gf>
vs the message I'm replying to now
| From: Punk <punks@tfwno.gf>
John tried doing the same thing and failed because a random cock.li user can't spoof a header in a way that makes it look *authentic*. SO, if the header IS authentic or a 'perfect fake', then there are a few options
1) somebody has my password
2) or cock.li's admin himself sent the messages (both 1 and 2 as suggested by Shawn)
3) or I'm lying and no message was spoofed. So I first wrote a message saying that zerohedge is garbage and then I wrote a reply to my own message as if I were a different person, disagreeing with myself. Because I'm that retarded.
needless to say I KNOW option 3 is false, but you're free to believe in such 'conspiracy theory'.
Unless I missed something, I doubt that your account has been compromised. Or that Vince is fucking with you.
You can bullshit all you want, but it was a dumb thing to say, and it makes you look like an idiot. And it makes me wonder whether he actually got it right, because I don't recall you being as idiotic as this ;)
So what about YOU misreading what I said? You're clearly misunderstanding something. I'm even willing to admit it's because of my less than perfect english...But hopefully NOW you got it.
Yes, I got it. Sorry. Just crabby today, I guess.
Sorry, I wasn't looking at the list yesterday. My spoofed header attempt used my actual cock.li login at port 587 of mx1.cock.li... I tried sending it with a "MAIL FROM: punk..", but those didn't go through, so then I just used the same address I had authenticated with, and did an extremely rudimentary header spoof in the DATA section. This made it through, although it had my cock.li address as a "Return-Path" in the headers, and then I sort of got bored and moved on to something else....
Of course, I tried just blasting it through cock.li without any SMTP authentication first, but as I suspected it's not an open relay :). I had zero confidence that this would've worked but had to try. The whole point of doing the spoofed headers using cock.li's server was to make it look authentic... You can spoof the headers from almost anywhere that lets you send SMTP but I wanted cock.li servers to show up in the headers. I considered it a fail because of what I mentioned in the first paragraph, but I haven't looked at the previous impersonation emails closely enough to say for sure how they happened, but as I recall they were better than mine (they were routed through cock.li servers but I don't remember any give-away "return-path" header or anything else). I'll take another look at them when I have time to see what I may have missed.
cheers John
On July 15, 2019 12:59:08 AM UTC, Mirimir <mirimir@riseup.net> wrote:
On 07/14/2019 05:04 PM, Punk wrote:
On Sun, 14 Jul 2019 16:13:26 -0700 Mirimir <mirimir@riseup.net> wrote:
You are such a jerk.
Why would you speculate about someone "guessing" your password, or Vince "playing games", after John clearly said that he spoofed some header?
because spoofing headers DOESNT actually WORK!! Doesn't "work" in the sense of creating a message that looks authentic.
if you look at the headers of message 075590, which I didn't write, the headers look authentic :
https://lists.cpunks.org/pipermail/cypherpunks/2019-July/075590.html
OK, I get it. Sorry to be such a jerk. I hadn't read the earlier posts about spoofed messages from your CockMail account. And I thought that you were referring to John's message that you replied to, not this other message, "Boomerhedge - Boomer Propaganda Cesspool".
But seriously, that one is even less well spoofed.
| From: Punk <punk@tfwno.gf>
vs the message I'm replying to now
| From: Punk <punks@tfwno.gf>
John tried doing the same thing and failed because a random cock.li user can't spoof a header in a way that makes it look *authentic*. SO, if the header IS authentic or a 'perfect fake', then there are a few options
1) somebody has my password
2) or cock.li's admin himself sent the messages (both 1 and 2 as suggested by Shawn)
3) or I'm lying and no message was spoofed. So I first wrote a message saying that zerohedge is garbage and then I wrote a reply to my own message as if I were a different person, disagreeing with myself. Because I'm that retarded.
needless to say I KNOW option 3 is false, but you're free to believe in such 'conspiracy theory'.
Unless I missed something, I doubt that your account has been compromised. Or that Vince is fucking with you.
You can bullshit all you want, but it was a dumb thing to say, and it makes you look like an idiot. And it makes me wonder whether he actually got it right, because I don't recall you being as idiotic as this ;)
So what about YOU misreading what I said? You're clearly misunderstanding something. I'm even willing to admit it's because of my less than perfect english...But hopefully NOW you got it.
Yes, I got it. Sorry. Just crabby today, I guess.
Huh, I had no clue that people had been impersonating him. I haven't been following the list very closely. Although when Punk showed up, I wasn't sure at first that it wasn't someone pretending to be Juan ;)
But now I'm curious. Could someone please share the Message-IDs of the spoofed messages? I'd like to dump the headers in Calc or whatever, and see what there is to see. I do use CockMail, so I'd be concerned if it were unusually vulnerable to spoofing.
Also, it's not like header spoofing is hard. For example, with the HeaderToolsLite plugin for Thunderbird.
On 07/15/2019 06:39 AM, John Newman wrote:
Sorry, I wasn't looking at the list yesterday. My spoofed header attempt used my actual cock.li login at port 587 of mx1.cock.li... I tried sending it with a "MAIL FROM: punk..", but those didn't go through, so then I just used the same address I had authenticated with, and did an extremely rudimentary header spoof in the DATA section. This made it through, although it had my cock.li address as a "Return-Path" in the headers, and then I sort of got bored and moved on to something else....
Of course, I tried just blasting it through cock.li without any SMTP authentication first, but as I suspected it's not an open relay :). I had zero confidence that this would've worked but had to try. The whole point of doing the spoofed headers using cock.li's server was to make it look authentic... You can spoof the headers from almost anywhere that lets you send SMTP but I wanted cock.li servers to show up in the headers. I considered it a fail because of what I mentioned in the first paragraph, but I haven't looked at the previous impersonation emails closely enough to say for sure how they happened, but as I recall they were better than mine (they were routed through cock.li servers but I don't remember any give-away "return-path" header or anything else). I'll take another look at them when I have time to see what I may have missed.
cheers John
On July 15, 2019 12:59:08 AM UTC, Mirimir <mirimir@riseup.net> wrote:
On 07/14/2019 05:04 PM, Punk wrote:
On Sun, 14 Jul 2019 16:13:26 -0700 Mirimir <mirimir@riseup.net> wrote:
You are such a jerk.
Why would you speculate about someone "guessing" your password, or Vince "playing games", after John clearly said that he spoofed some header?
because spoofing headers DOESNT actually WORK!! Doesn't "work" in the sense of creating a message that looks authentic.
if you look at the headers of message 075590, which I didn't write, the headers look authentic :
https://lists.cpunks.org/pipermail/cypherpunks/2019-July/075590.html
OK, I get it. Sorry to be such a jerk. I hadn't read the earlier posts about spoofed messages from your CockMail account. And I thought that you were referring to John's message that you replied to, not this other message, "Boomerhedge - Boomer Propaganda Cesspool".
But seriously, that one is even less well spoofed.
| From: Punk <punk@tfwno.gf>
vs the message I'm replying to now
| From: Punk <punks@tfwno.gf>
John tried doing the same thing and failed because a random cock.li user can't spoof a header in a way that makes it look *authentic*. SO, if the header IS authentic or a 'perfect fake', then there are a few options
1) somebody has my password
2) or cock.li's admin himself sent the messages (both 1 and 2 as suggested by Shawn)
3) or I'm lying and no message was spoofed. So I first wrote a message saying that zerohedge is garbage and then I wrote a reply to my own message as if I were a different person, disagreeing with myself. Because I'm that retarded.
needless to say I KNOW option 3 is false, but you're free to believe in such 'conspiracy theory'.
Unless I missed something, I doubt that your account has been compromised. Or that Vince is fucking with you.
You can bullshit all you want, but it was a dumb thing to say, and it makes you look like an idiot. And it makes me wonder whether he actually got it right, because I don't recall you being as idiotic as this ;)
So what about YOU misreading what I said? You're clearly misunderstanding something. I'm even willing to admit it's because of my less than perfect english...But hopefully NOW you got it.
Yes, I got it. Sorry. Just crabby today, I guess.
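The two give-aways discussed in the messages above (a Return-Path that differs from the From address, and a From address one character away from the real one) can be checked mechanically. This is an added example, not part of the original thread; the sample messages are constructed from the addresses quoted in the thread, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-identical addresses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def audit_headers(raw, known_sender, max_distance=2):
    """Return a list of findings for one raw message.

    known_sender is the address the reader already trusts for this person
    (an assumption of this example: the reader has such a reference).
    """
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    known = known_sender.lower()
    findings = []

    # The envelope sender is recorded by the receiving server, not by the
    # author of the DATA section. A mismatch is a signal, not proof: list
    # software and forwarders rewrite Return-Path legitimately.
    if return_path and from_addr and return_path != from_addr:
        findings.append("return-path-mismatch")

    # A From address that is close to, but not equal to, the known one.
    if from_addr != known:
        if edit_distance(from_addr, known) <= max_distance:
            findings.append("lookalike-from")
        else:
            findings.append("unknown-from")
    return findings


# Constructed samples. Header values reuse addresses quoted in the thread.
HEADER_FUDGE = """Return-Path: <nixen@cock.li>
From: Punk <punks@tfwno.gf>
Subject: constructed sample

body
"""

LOOKALIKE = """Return-Path: <punk@tfwno.gf>
From: Punk <punk@tfwno.gf>
Subject: constructed sample

body
"""

GENUINE = """Return-Path: <punks@tfwno.gf>
From: Punk <punks@tfwno.gf>
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for name, raw in [("header fudge", HEADER_FUDGE),
                      ("lookalike", LOOKALIKE),
                      ("genuine", GENUINE)]:
        print(name, audit_headers(raw, "punks@tfwno.gf"))
```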
On Sun, 14 Jul 2019 17:59:08 -0700 Mirimir <mirimir@riseup.net> wrote:
OK, I get it. Sorry to be such a jerk.
No worries. I remain the biggest jerk, by far =P - Plus I get the prize for biggest retard on the list - see below.
I hadn't read the earlier posts about spoofed messages from your CockMail account. And I thought that you were referring to John's message that you replied to, not this other message, "Boomerhedge - Boomer Propaganda Cesspool".
But seriously, that one is even less well spoofed.
| From: Punk <punk@tfwno.gf>
vs the message I'm replying to now
| From: Punk <punks@tfwno.gf>
OK, I need to wipe something like a ton of egg off my face. I confused the address punk@ with my own fucking address punkS@ - I can't get any more retarded than that =/ So there wasn't any spoofing of headers...and I need better glasses.
Unless I missed something, I doubt that your account has been compromised. Or that Vince is fucking with you.
You're perfectly right and I profusely apologize.
On Sun, 14 Jul 2019 15:28:37 -0700 Mirimir <mirimir@riseup.net> wrote:
On 07/14/2019 02:19 PM, Punk wrote:
On Sat, 13 Jul 2019 22:57:11 -0400 John Newman <jnn@synfin.org> wrote:
And it didn't work very well in any case, the first line in the headers is
Return-Path: <nixen@cock.li>
.. which is my cock.li account :P
I will now stop abusing the mail system tonight.
so either somebody 'guessed' my random password, or somebody at cock.li is playing games. If it's Vince, then Hi Vince! and thanks for the service(not including impersonation)
Now _that's_ funny.
John didn't say that he compromised your CockMail account.
Right. And I never suggested or implied he did. So what are you suggesting?
He said that he just spoofed "headers".
Right. I never said or implied that he did anything else. I assumed that cock.li allowed spoofed headers, he tested it. So what are you on about?
But maybe you ought to pretend that someone did successfully spoof this message ;)
are you drunk or...?
sorry for the duplicated posts. So while on the topic of email systems, there's been some change somewhere - either cock.li... or the list's server I'd guess - and since a month or so I have to send the same message multiple times (around 4 usually) until it actually gets posted.
On Sun, Jul 14, 2019 at 07:43:19PM -0300, Punk wrote:
sorry for the duplicated posts. So while on the topic of email systems, there's been some change somewhere - either cock.li... or the list's server I'd guess - and since a month or so I have to send the same message multiple times (around 4 usually) until it actually gets posted.
In case this helps: Just yesterday I sent a longish message about the server setup for the system that is hosting this cypherpunks@ list.
One of the components is postgrey (which I misspelled postgray). When a message arrives from an unknown host, Postfix rejects it with a message to try again later. This is extremely effective against hit-and-run spam and similar annoyances.
I've found that there are lots of organizations that do not follow the RFCs for email properly, and do not try again. Lots of banks and ecommerce sites seem to write their own mail transport agent (MTA), and do not try again after getting the postgrey message.
It seems possible this is what's happening to your messages. If your service is using an MTA that doesn't try again - or if it tries again, but from a different IP address - the message might not get through. You should get a bounce saying it couldn't be delivered (anywhere from 30 minutes to 7 days later), but organizations that write their own MTAs might not handle error delivery that well, either.
If you have a message that doesn't seem to get posted, please forward me the message and I'll mine the logs to see what happened. There are plenty of other possibilities that might cause this, but postgrey is one that we can investigate easily enough.
Best, Greg
On Sun, 14 Jul 2019 18:30:01 -0700 Greg Newby <gbnewby@pglaf.org> wrote:
In case this helps: Just yesterday I sent a longish message about the server setup for the system that is hosting this cypherpunks@ list.
Yes! Thanks for sharing that info. I found it pretty interesting.
I've found that there are lots of organizations that do not follow the RFCs for email properly, and do not try again. Lots of banks and ecommerce sites seem to write their own mail transport agent (MTA), and do not try again after getting the postgrey message.
It seems possible this is what's happening to your messages. If your service is using an MTA that doesn't try again - or if it tries again, but from a different IP address - the message might not get through. You should get a bounce saying it couldn't be delivered (anywhere from 30 minutes to 7 days later), but organizations that write their own MTAs might not handle error delivery that well, either.
I don't get any bounce. What happens is, I send a message (using claws mail) and it doesn't make it to the list. I know because I don't get a copy of my own message. So I resend after a couple of minutes. Nothing. I resend again after a few more minutes. Nothing. Sometimes the third try works. Sometimes I need to resend one more time. After successfully sending one message, I can send more messages without having to re-try. It seems as if some sort of filter changes status to "open" after being hit with a few messages in a row. But after some time (a few hours?) it goes back to "closed". (But occasionally messages will get through at the first try.)
If you have a message that doesn't seem to get posted, please forward me the message and I'll mine the logs to see what happened. There are plenty of other possibilities that might cause this, but postgrey is one that we can investigate easily enough.
This one took five tries.
https://lists.cpunks.org/pipermail/cypherpunks/2019-July/075571.html
(I'm sending you a copy of the original message to your pflag.org address)
If you can easily find something in the postgrey logs that would be great but if it's something more complex requiring more effort then don't worry. Seems like I'm the only one having this issue so it's not a big deal.
Best, Greg
On Mon, Jul 15, 2019 at 04:20:13PM -0300, Punk wrote:
On Sun, 14 Jul 2019 18:30:01 -0700 Greg Newby <gbnewby@pglaf.org> wrote:
In case this helps: Just yesterday I sent a longish message about the server setup for the system that is hosting this cypherpunks@ list.
Yes! Thanks for sharing that info. I found it pretty interesting.
:) More below. I bet some other people have run into this type of problem, but might not have realized it is a pattern. I'm sure it is more evident to you, due to your prolific correspondence with cypherpunks@.
I've found that there are lots of organizations that do not follow the RFCs for email properly, and do not try again. Lots of banks and ecommerce sites seem to write their own mail transport agent (MTA), and do not try again after getting the postgrey message.
It seems possible this is what's happening to your messages. If your service is using an MTA that doesn't try again - or if it tries again, but from a different IP address - the message might not get through. You should get a bounce saying it couldn't be delivered (anywhere from 30 minutes to 7 days later), but organizations that write their own MTAs might not handle error delivery that well, either.
I don't get any bounce. What happens is, I send a message (using claws mail) and it doesn't make it to the list. I know because I don't get a copy of my own message. So I resend after a couple of minutes. Nothing. I resend again after a few more minutes. Nothing. Sometimes the third try works. Sometimes I need to resend one more time. After successfully sending one message, I can send more messages without having to re-try. It seems as if some sort of filter changes status to "open" after being hit with a few messages in a row. But after some time (a few hours?) it goes back to "closed". (But occasionally messages will get through at the first try.)
That exactly explains the symptoms of greylisting.
I found lots of log entries where your messages were accepted:
Jul 12 13:13:31 mail postgrey[2135]: action=pass, reason=triplet found, client_name=mx1.cock.li, client_address=185.10.68.5, sender=punks@tfwno.gf, recipient=cypherpunks@lists.cpunks.org
(185.10.68.5 is mx1.cock.li)
The first time a message arrives, the triplet "CLIENT_IP" / "SENDER" / "RECIPIENT" had not been seen before within postgrey's memory. So, it sends a message back to try again later.
And then, a few minutes later, the MTA tries again and the message is delivered.
IF one of the triplet elements is changed, it does not immediately get delivered since it gets greylisted again.
BTW, there are subscribers to cypherpunks@ who like to change their email addresses, or add alternate subscription addresses. No problem, but postgrey will not deliver on the first attempt.
If you have a message that doesn't seem to get posted, please forward me the message and I'll mine the logs to see what happened. There are plenty of other possibilities that might cause this, but postgrey is one that we can investigate easily enough.
This one took five tries.
https://lists.cpunks.org/pipermail/cypherpunks/2019-July/075571.html
(I'm sending you a copy of the original message to your pflag.org address)
And I didn't get the copy you sent me directly:
mail.log:Jul 15 12:19:38 mail postgrey[2135]: action=greylist, reason=new, client_name=unknown, client_address=xxxx, sender=punks@tfwno.gf, recipient=gbnewby@pglaf.org
the MTA didn't try again! (I.e., there was not a second entry for this triplet, as of 40+ minutes later).
*** ALSO, and this is important: I see at least three different email addresses you are using. punk@ punks@ and another. All those from punks@ went through to cypherpunks@cpunks.org: none were delayed in the past few days of logs.
If you can easily find something in the postgrey logs that would be great but if it's something more complex requiring more effort then don't worry. Seems like I'm the only one having this issue so it's not a big deal.
Meanwhile, cock.li's nameserver shows two MX (mail exchange) servers. One of them, mx2.cock.li isn't responding, and there are some pending bounces to other addresses (not yours) that cannot be delivered. mx1 is the primary, though, and that is what your messages seem to be using.
Bottom line: There is some evidence that the cock.li mail transport agents are not working correctly for greylisting, at least not all of the time. If you are in communication with those folks, perhaps you could raise some concerns. You can feel free to put me in touch, if that might help.
Other Bottom Line: Make sure you use your subscribed address, punks@tfwno.gf, to send to cypherpunks@cpunks.org
And finally, I do see messages of this form in the logs:
Jul 8 08:28:14 mail postfix/smtp[29664]: 38E7411C603C: host mx1.cock.li[185.10.68.5] refused to talk to me: 421 4.7.0 cock.li Error: too many connections from 65.50.255.19
This seems to be from when a message to cypherpunks@ is delivered to various addresses hosted there. They have many different domains, and postfix is not smart enough to bundle them all into a single delivery. Result can be a dozen or more connections within just a second or so, which could legitimately trigger some anti-abuse response. Although, again, these should either generate a bounce, or be retried.
Sorry for the trouble. It seems there might be some configuration problems (and it's certainly possible that my PGLAF server is not configured quite right!), and also that both cock.li and pglaf.org servers have some relatively unforgiving configurations.
Best, Greg
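The log mining described in the message above can be scripted: group postgrey entries by the CLIENT_IP / SENDER / RECIPIENT triplet and report which greylisted triplets were later passed, which were never retried, and which were retried from a different IP. This is an added example, not part of the original thread or the list server's tooling; the sample log is constructed in the format of the lines quoted in the thread (192.0.2.x and example.org are placeholders), and the function names and the year default are assumptions.

```python
import re
from datetime import datetime

# Matches syslog-style postgrey lines, with an optional "mail.log:" prefix
# as left behind by grep across several files.
LINE_RE = re.compile(
    r"^(?:\S+:)?(\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+"
    r"postgrey\[\d+\]:\s+(.*)$"
)


def parse_line(line, year):
    """Return (timestamp, fields) for a postgrey line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies one.
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    fields = dict(kv.split("=", 1) for kv in m.group(2).split(", ") if "=" in kv)
    return ts, fields


def classify(lines, year=2019):
    """Map each triplet to (status, delay_in_seconds_or_None)."""
    greylisted, passed = {}, {}
    for line in lines:
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        ts, f = parsed
        try:
            triplet = (f["client_address"], f["sender"], f["recipient"])
        except KeyError:
            continue
        if f.get("action") == "greylist":
            greylisted.setdefault(triplet, ts)   # keep first sighting
        elif f.get("action") == "pass":
            passed.setdefault(triplet, ts)       # keep first acceptance

    result = {}
    for triplet, first in greylisted.items():
        if triplet in passed:
            delay = int((passed[triplet] - first).total_seconds())
            result[triplet] = ("delivered", delay)
        elif any(o[1:] == triplet[1:] and o[0] != triplet[0] for o in greylisted):
            # Same sender and recipient seen from another IP: each attempt
            # looks new to the greylist, so none of them is ever a retry.
            result[triplet] = ("retry-from-other-ip", None)
        else:
            result[triplet] = ("no-retry", None)
    for triplet in passed:
        # Accepted without a greylist entry in this log window.
        result.setdefault(triplet, ("already-known", None))
    return result


# Constructed sample log, modelled on the lines quoted in the thread.
SAMPLE_LOG = """
Jul 12 13:05:02 mail postgrey[2135]: action=greylist, reason=new, client_name=mx1.cock.li, client_address=185.10.68.5, sender=punks@tfwno.gf, recipient=cypherpunks@lists.cpunks.org
Jul 12 13:13:31 mail postgrey[2135]: action=pass, reason=triplet found, client_name=mx1.cock.li, client_address=185.10.68.5, sender=punks@tfwno.gf, recipient=cypherpunks@lists.cpunks.org
mail.log:Jul 15 12:19:38 mail postgrey[2135]: action=greylist, reason=new, client_name=unknown, client_address=192.0.2.10, sender=punks@tfwno.gf, recipient=gbnewby@pglaf.org
Jul 15 12:40:00 mail postgrey[2135]: action=greylist, reason=new, client_name=unknown, client_address=192.0.2.11, sender=alice@example.org, recipient=cypherpunks@lists.cpunks.org
Jul 15 12:46:00 mail postgrey[2135]: action=greylist, reason=new, client_name=unknown, client_address=192.0.2.12, sender=alice@example.org, recipient=cypherpunks@lists.cpunks.org
"""

if __name__ == "__main__":
    for triplet, status in classify(SAMPLE_LOG.splitlines()).items():
        print(triplet, status)
```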
On Mon, 15 Jul 2019 14:33:41 -0700 Greg Newby <gbnewby@pglaf.org> wrote:
I found lots of log entries where your messages were accepted:
Jul 12 13:13:31 mail postgrey[2135]: action=pass, reason=triplet found, client_name=mx1.cock.li, client_address=185.10.68.5, sender=punks@tfwno.gf, recipient=cypherpunks@lists.cpunks.org
(185.10.68.5 is mx1.cock.li)
The first time a message arrives, the triplet "CLIENT_IP" / "SENDER" / "RECIPIENT" had not been seen before within postgrey's memory. So, it sends a message back to try again later.
And then, a few minutes later, the MTA tries again and the message is delivered.
I see. And how often are the entries in the list of accepted senders removed? How often does postgrey 'forget' about a triplet it had validated? Every few hours?
If you have a message that doesn't seem to get posted, please forward me the message and I'll mine the logs to see what happened. There are plenty of other possibilities that might cause this, but postgrey is one that we can investigate easily enough.
This one took five tries.
https://lists.cpunks.org/pipermail/cypherpunks/2019-July/075571.html
(I'm sending you a copy of the original message to your pflag.org address)
And I didn't get the copy you sent me directly:
oh so the same postgrey rules are applied to pflag.org, I see.
mail.log:Jul 15 12:19:38 mail postgrey[2135]: action=greylist, reason=new, client_name=unknown, client_address=xxxx, sender=punks@tfwno.gf, recipient=gbnewby@pglaf.org
the MTA didn't try again! (I.e., there was not a second entry for this triplet, as of 40+ minutes later).
got it
*** ALSO, and this is important: I see at least three different email addresses you are using. punk@ punks@ and another. All those from punks@ went through to cypherpunks@cpunks.org: none were delayed in the past few days of logs.
cpunks@ is my only address. cpunk@ is an address somebody else registered and used to send the two messages I mistakenly regarded as 'spoofed'. I don't know what third address you're seeing, but it's not mine.
Bottom line: There is some evidence that the cock.li mail transport agents are not working correctly for greylisting, at least not all of the time. If you are in communication with those folks, perhaps you could raise some concerns. You can feel free to put me in touch, if that might help.
I'll write to them.
Other Bottom Line: Make sure you use your subscribed address, punks@tfwno.gf, to send to cypherpunks@cpunks.org
I double checked and cypherpunks@cpunks.org is the address in my address book. However I've sent a lot of messages to cypherpunks@lists.cpunks.org as well. The @lists.cpunks.org address is the one my client picks when I write a reply. I'll try sending everything to @cpunks.org and see if that makes a difference.
And finally, I do see messages of this form in the logs:
Jul 8 08:28:14 mail postfix/smtp[29664]: 38E7411C603C: host mx1.cock.li[185.10.68.5] refused to talk to me: 421 4.7.0 cock.li Error: too many connections from 65.50.255.19
So messages from the list to subscribers @ cock.li might get lost...
This seems to be from when a message to cypherpunks@ is delivered to various addresses hosted there. They have many different domains, and postfix is not smart enough to bundle them all into a single delivery. Result can be a dozen or more connections within just a second or so, which could legitimately trigger some anti-abuse response. Although, again, these should either generate a bounce, or be retried.
I don't think I've seen that problem though. I mean I'm more or less sure I'm getting all the messages _from_ the list.
Sorry for the trouble. It seems there might be some configuration problems (and it's certainly possible that my PGLAF server is not configured quite right!), and also that both cock.li and pglaf.org servers have some relatively unforgiving configurations.
Thanks a lot for looking into this =)
Best, Greg
On 07/15/2019 04:07 PM, Punk wrote:
On Mon, 15 Jul 2019 14:33:41 -0700 Greg Newby <gbnewby@pglaf.org> wrote:
<SNIP>
*** ALSO, and this is important: I see at least three different email addresses you are using. punk@ punks@ and another. All those from punks@ went through to cypherpunks@cpunks.org: none were delayed in the past few days of logs.
cpunks@ is my only address. cpunk@ is an address somebody else registered and used to send the two messages I mistakenly regarded as 'spoofed'. I don't know what third address you're seeing, but it's not mine.
You mean punks@tfwno.gf is yours, right?
I do see two messages from punk@tfwno.gf: "Cryptocurrency: Trump Pumps Cryptos, Andreas Blasts jewcoins" [Message-ID: <af09cb6b-64fe-799e-aadf-fa475e2761c3@tfwno.gf>] and "Boomerhedge - Boomer Propaganda Cesspool" [ Message-ID: <fd149f6f-6d28-357e-7013-4ef9824045bc@tfwno.gf>], both rudely replying to you.
But I don't see John's spoof(s). Locally, or at https://lists.cpunks.org/pipermail/cypherpunks. Did anyone else get them?
-------- Forwarded Message --------
Subject: Re: impersonating Juan, a quick test
Date: Sat, 13 Jul 2019 22:57:11 -0400
From: John Newman <jnn@synfin.org>
To: Cypherpunks <cypherpunks@lists.cpunks.org>
And it didn't work very well in any case, the first line in the headers is
Return-Path: <nixen@cock.li>
.. which is my cock.li account :P
I will now stop abusing the mail system tonight.
John
On Sat, Jul 13, 2019 at 09:53:19PM -0500, John Newman wrote:
Sorry if those show up a few times. I was dicking around and ran it without realizing it was sending email!
On Jul 13, 2019, at 9:44 PM, Punk <punk@tfwno.gf> wrote:
This is a quick and dirty test of impersonating Juan using my own cock.li account to connect but fudging the headers (it's just a few lines of perl wrapped around an openssl command).
Did it work?
John jnn@synfin.org
-- GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7
On July 16, 2019 3:58:11 AM UTC, Mirimir <mirimir@riseup.net> wrote:
On 07/15/2019 04:07 PM, Punk wrote:
On Mon, 15 Jul 2019 14:33:41 -0700 Greg Newby <gbnewby@pglaf.org> wrote:
<SNIP>
*** ALSO, and this is important: I see at least three different email addresses you are using. punk@ punks@ and another. All those from punks@ went through to cypherpunks@cpunks.org: none were delayed in the past few days of logs.
cpunks@ is my only address. cpunk@ is an address somebody else registered and used to send the two messages I mistakenly regarded as 'spoofed'. I don't know what third address you're seeing, but it's not mine.
You mean punks@tfwno.gf is yours, right?
I do see two messages from punk@tfwno.gf: "Cryptocurrency: Trump Pumps Cryptos, Andreas Blasts jewcoins" [Message-ID: <af09cb6b-64fe-799e-aadf-fa475e2761c3@tfwno.gf>] and "Boomerhedge - Boomer Propaganda Cesspool" [ Message-ID: <fd149f6f-6d28-357e-7013-4ef9824045bc@tfwno.gf>], both rudely replying to you.
But I don't see John's spoof(s). Locally, or at https://lists.cpunks.org/pipermail/cypherpunks. Did anyone else get them?
I idiotically accidentally "spoofed" the wrong address - punk@, NOT punks.... It's the message that started this thread actually ;). Two of them came through, subject line "Impersonating Juan, a quick test". Anyway.... I feel stupid :).
Cheers
John
-------- Forwarded Message --------
Subject: Re: impersonating Juan, a quick test
Date: Sat, 13 Jul 2019 22:57:11 -0400
From: John Newman <jnn@synfin.org>
To: Cypherpunks <cypherpunks@lists.cpunks.org>
And it didn't work very well in any case, the first line in the headers is
Return-Path: <nixen@cock.li>
.. which is my cock.li account :P
I will now stop abusing the mail system tonight.
John
On Sat, Jul 13, 2019 at 09:53:19PM -0500, John Newman wrote:
Sorry if those show up a few times. I was dicking around and ran it without realizing it was sending email!
On Jul 13, 2019, at 9:44 PM, Punk <punk@tfwno.gf> wrote:
This is a quick and dirty test of impersonating Juan using my own cock.li account to connect but fudging the headers (it's just a few lines of perl wrapped around an openssl command).
Did it work?
John jnn@synfin.org
Sorry for my slow response. I purposely waited an extra day+ in case there are any other complaints or signs of trouble. Also, maybe you got a response back from cock.li already?
This is mostly just my response to Juan, but what's below might be of general interest for anyone who has had trouble getting messages to or from the list:
On Mon, Jul 15, 2019 at 08:07:48PM -0300, Punk wrote:
On Mon, 15 Jul 2019 14:33:41 -0700 Greg Newby <gbnewby@pglaf.org> wrote:
I found lots of log entries where your messages were accepted:
Jul 12 13:13:31 mail postgrey[2135]: action=pass, reason=triplet found, client_name=mx1.cock.li, client_address=185.10.68.5, sender=punks@tfwno.gf, recipient=cypherpunks@lists.cpunks.org
(185.10.68.5 is mx1.cock.li)
The first time a message arrives, the triplet "CLIENT_IP" / "SENDER" / "RECIPIENT" had not been seen before within postgrey's memory. So, it sends a message back to try again later. And then, a few minutes later, the MTA tries again and the message is delivered.
I see. And how often are the entries in the list of accepted senders removed? How often does postgrey 'forget' about a triplet it had validated? Every few hours?
The man page says it is 35 days. In your experience, this means that if a message is posted (same triplet of IP, sender, recipient) it should not be greylisted unless 35 days have passed since the prior message was sent. One thing that happens a lot with big companies is that they use a bunch of different IP addresses. That creates problems for greylisting, since the triplet is not duplicated, so keeps getting greylisted. I did not see evidence that cock.li is doing this, though: they just have two MX servers, and the addresses seem static.
If you have a message that doesn't seem to get posted, please forward me the message and I'll mine the logs to see what happened. There are plenty of other possibilities that might cause this, but postgrey is one that we can investigate easily enough.
This one took five tries.
https://lists.cpunks.org/pipermail/cypherpunks/2019-July/075571.html
(I'm sending you a copy of the original message to your pflag.org address)
And I didn't get the copy you sent me directly:
oh so the same postgrey rules are applied to pflag.org, I see.
Yes, it's the exact same system, with the exact same software, configuration, etc. I can provide you a GMail-type address to contact me, if your messages aren't getting through.
mail.log:Jul 15 12:19:38 mail postgrey[2135]: action=greylist, reason=new, client_name=unknown, client_address=xxxx, sender=punks@tfwno.gf, recipient=gbnewby@pglaf.org
the MTA didn't try again! (I.e., there was not a second entry for this triplet, as of 40+ minutes later).
got it
*** ALSO, and this is important: I see at least three different email addresses you are using. punk@ punks@ and another. All those from punks@ went through to cypherpunks@cpunks.org: none were delayed in the past few days of logs.
cpunks@ is my only address. cpunk@ is an address somebody else registered and used to send the two messages I mistakenly regarded as 'spoofed'. I don't know what third address you're seeing, but it's not mine.
Actually, your address is: punks@tfwno.gf (I just confirmed that is what appears in the subscriber list, and that is the address you used). The list configuration is that emails from unknown/unsubscribed addresses are rejected (i.e., bounced: you will get a copy back). So, if you ever send from a different address, it will not be posted. And it will be bounced back. It's possible your email client or the cock.li MTA is not getting a bounce to you... to test this, try sending to cypherpunks@lists.cpunks.org from a non-subscribed address, and then chase down the bounce. (Of course, it will get greylisted first! Even before Mailman sees + bounces it.) I can check the logs for the non-subscribed address, if you experiment with this and don't get a bounce.
Bottom line: There is some evidence that the cock.li mail transport agents are not working correctly for greylisting, at least not all of the time. If you are in communication with those folks, perhaps you could raise some concerns. You can feel free to put me in touch, if that might help.
I'll write to them.
Other Bottom Line: Make sure you use your subscribed address, punks@tfwno.gf, to send to cypherpunks@cpunks.org
I double checked and cypherpunks@cpunks.org is the address in my address book. However I've sent a lot of messages to cypherpunks@lists.cpunks.org as well. The @lists.cpunks.org address is the one my client picks when I write a reply. I'll try sending everything to @cpunks.org and see if that makes a difference.
Either works. The DNS MX sends it to the same server.
And finally, I do see messages of this form in the logs:
Jul 8 08:28:14 mail postfix/smtp[29664]: 38E7411C603C: host mx1.cock.li[185.10.68.5] refused to talk to me: 421 4.7.0 cock.li Error: too many connections from 65.50.255.19
So messages from the list to subscribers @ cock.li might get lost...
Maybe. You can check the archives to confirm. Or maybe it's only addresses that are not actually deliverable. There are dozens of throwaway addresses that were created & subscribed, and now just bounce, in the subscriber list. Those are stuck in their own twilight zone, until Mailman eventually auto-unsubscribes them. This always takes at least a week (that is the Mailman list setting), and since cpunks@ is a busy list, that can result in many dozens of retries by the MTA.
This seems to be from when a message to cypherpunks@ is delivered to various addresses hosted there. They have many different domains, and postfix is not smart enough to bundle them all into a single delivery. Result can be a dozen or more connections within just a second or so, which could legitimately trigger some anti-abuse response. Although, again, these should either generate a bounce, or be retried.
I don't think I've seen that problem though. I mean I'm more or less sure I'm getting all the messages _from_ the list.
Yes - my note just above.
Sorry for the trouble. It seems there might be some configuration problems (and it's certainly possible that my PGLAF server is not configured quite right!), and also that both cock.li and pglaf.org servers have some relatively unforgiving configurations.
Thanks a lot for looking into this =)
My pleasure. Best, Greg
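An added illustration, not part of Greg's message or of the list server's tooling: the log check he describes (find triplets that were greylisted and never came back) can be scripted over postgrey lines in the format quoted above. The sample log is constructed, and the 30-minute grace period, the year default and the names `parse` and `analyze` are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (documentation-range IPs, example.* addresses),
# using the same field layout as the postgrey lines quoted in this thread.
SAMPLE_LOG = """\
Jul 15 12:00:05 mail postgrey[2135]: action=greylist, reason=new, client_name=mx1.example.net, client_address=192.0.2.10, sender=alice@example.net, recipient=list@example.org
Jul 15 12:06:11 mail postgrey[2135]: action=pass, reason=triplet found, client_name=mx1.example.net, client_address=192.0.2.10, sender=alice@example.net, recipient=list@example.org
Jul 15 12:19:38 mail postgrey[2135]: action=greylist, reason=new, client_name=unknown, client_address=192.0.2.77, sender=bob@example.net, recipient=admin@example.org
Jul 15 12:20:02 mail postgrey[2135]: action=greylist, reason=new, client_name=out1.example.com, client_address=198.51.100.1, sender=carol@example.com, recipient=list@example.org
Jul 15 12:27:40 mail postgrey[2135]: action=greylist, reason=new, client_name=out2.example.com, client_address=198.51.100.2, sender=carol@example.com, recipient=list@example.org
Jul 15 13:05:00 mail postgrey[2135]: action=pass, reason=triplet found, client_name=mx1.example.net, client_address=192.0.2.10, sender=alice@example.net, recipient=list@example.org
"""

LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ postgrey\[\d+\]: (?P<kv>.*)")

def parse(line, year):
    """Return the key=value fields of one postgrey line, or None."""
    m = LINE_RE.search(line)  # search() tolerates a "mail.log:" grep prefix
    if not m:
        return None
    fields = dict(p.split("=", 1) for p in m.group("kv").split(", ") if "=" in p)
    # Syslog timestamps carry no year, so the caller supplies one (assumption).
    fields["time"] = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return fields

def analyze(log_text, year=2019, grace=timedelta(minutes=30)):
    """Map (sender, recipient) -> (kind, client IPs) for stalled deliveries."""
    events = [e for e in (parse(l, year) for l in log_text.splitlines()) if e]
    if not events:
        return {}
    end = max(e["time"] for e in events)
    pending = {}                   # triplet -> time it was first greylisted
    ips_seen = defaultdict(set)    # (sender, recipient) -> client IPs observed
    for e in events:
        triplet = (e["client_address"], e["sender"], e["recipient"])
        ips_seen[triplet[1:]].add(triplet[0])
        if e["action"] == "greylist":
            pending.setdefault(triplet, e["time"])
        elif e["action"] == "pass":
            pending.pop(triplet, None)   # same triplet came back: delivered
    findings = {}
    for (ip, sender, rcpt), first in pending.items():
        if end - first < grace:
            continue               # still inside a normal retry window
        ips = ips_seen[(sender, rcpt)]
        # More than one IP for the pair means the retry changed the triplet.
        kind = "retried-from-other-ip" if len(ips) > 1 else "no-retry"
        findings[(sender, rcpt)] = (kind, sorted(ips))
    return findings

if __name__ == "__main__":
    for pair, (kind, ips) in analyze(SAMPLE_LOG).items():
        print(pair, kind, ips)
```

The two result kinds correspond to the two failure modes discussed in this thread: a sending MTA that never retries, and one that retries from a different IP address so the triplet never repeats.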
On Wed, Jul 17, 2019 at 09:33:54AM -0700, Greg Newby wrote:
Sorry for my slow response. I purposely waited an extra day+ in case there are any other complaints or signs of trouble. Also, maybe you got a response back from cock.li already?
This is mostly just my response to Juan, but what's below might be of general interest for anyone who has had trouble getting messages to or from the list:
On Mon, Jul 15, 2019 at 08:07:48PM -0300, Punk wrote:
On Mon, 15 Jul 2019 14:33:41 -0700 Greg Newby <gbnewby@pglaf.org> wrote:
I found lots of log entries where your messages were accepted:
Jul 12 13:13:31 mail postgrey[2135]: action=pass, reason=triplet found, client_name=mx1.cock.li, client_address=185.10.68.5, sender=punks@tfwno.gf, recipient=cypherpunks@lists.cpunks.org
(185.10.68.5 is mx1.cock.li)
The first time a message arrives, the triplet "CLIENT_IP" / "SENDER" / "RECIPIENT" had not been seen before within postgrey's memory. So, it sends a message back to try again later. And then, a few minutes later, the MTA tries again and the message is delivered.
I see. And how often are the entries in the list of accepted senders removed? How often does postgrey 'forget' about a triplet it had validated? Every few hours?
The man page says it is 35 days.
This would explain why "may be every month", messages are noticeably "paused" rather than forwarded on through - I've seen this quite a few times. Knowing the reason is useful - those "wtf" feelz can be readily set aside :)
In your experience, this means that if a message is posted (same triplet of IP, sender, recipient) it should not be greylisted unless 35 days have passed since the prior message was sent.
One thing that happens a lot with big companies is that they use a bunch of different IP addresses. That creates problems for greylisting, since the triplet is not duplicated, so keeps getting greylisted. I did not see evidence that cock.li is doing this, though: they just have two MX servers, and the addresses seem static. ...
On July 14, 2019 6:30:01 PM PDT, Greg Newby <gbnewby@pglaf.org> wrote:
On Sun, Jul 14, 2019 at 07:43:19PM -0300, Punk wrote:
sorry for the duplicated posts. So while on the topic of email systems, there's been some change somewhere - either cock.li... or the list's server I'd guess - and since a month or so I have to send the same message multiple times (around 4 usually) until it actually gets posted.
In case this helps: Just yesterday I sent a longish message about the server setup for the system that is hosting this cypherpunks@ list.
One of the components is postgrey (which I misspelled postgray). When a message arrives from an unknown host, Postfix rejects it with a message to try again later. This is extremely effective against hit-and-run spam and similar annoyances.
I've found that there are lots of organizations that do not follow the RFCs for email properly, and do not try again. Lots of banks and ecommerce sites seem to write their own mail transport agent (MTA), and do not try again after getting the postgrey message.
It seems possible this is what's happening to your messages. If your service is using an MTA that doesn't try again - or if it tries again, but from a different IP address - the message might not get through. You should get a bounce saying it couldn't be delivered (anywhere from 30 minutes to 7 days later), but organizations that write their own MTAs might not handle error delivery that well, either.
If you have a message that doesn't seem to get posted, please forward me the message and I'll mine the logs to see what happened. There are plenty of other possibilities that might cause this, but postgrey is one that we can investigate easily enough.
Best, Greg
I was blacklisted without notification a decade ago. A listserv admin contacted me and told me *some* (but not all) of my contributions (I call them that anyway...) bounced going to some addresses when redistributed by the list.
-- Rr
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Gmail threw these status 4.4.1 delays for one message to cypherpunks@cpunks.org over the last few days before ultimately failing...
Diagnostic-Code: smtp; The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 [mail.pglaf.org. 2604:3200:0:3:21e:67ff:fe86:ff9c: timed out]
On Sat, Jul 20, 2019 at 03:35:13PM -0400, grarpamp wrote:
Gmail threw these status 4.4.1 delays for one message to cypherpunks@cpunks.org over the last few days before ultimately failing...
Diagnostic-Code: smtp; The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 [mail.pglaf.org. 2604:3200:0:3:21e:67ff:fe86:ff9c: timed out]
Sorry about that! I screwed up the DNS for the PGLAF server, and basically had IPv6 partially configured. I think it's now fixed. The good news is dual stack (IPv6 and IPv4) is now enabled.
Why was I making changes? Because the afore-mentioned lifetime free service from Oracle emailed me on July 16, saying that I was using too many DNS queries. It wasn't clear whether they would bill me, or just refuse to handle requests beyond the number allowed. So, I moved pglaf.org to Cloudflare, but neglected to move all of the entries. Plus I created a nice new IPv6 entry for Mail Exchange (MX record) but didn't configure Postfix to actually utilize IPv6. So, my fault.
Let me know of any other anomalies... I hope that there were proper bounce messages, for anything that didn't get through.
Anyone who sent a message, but isn't sure whether it arrived, can check the list archives here: https://lists.cpunks.org/pipermail/cypherpunks/2019-July/date.html
- Greg
From at least Sat, Jul 20, 2019 at 5:56 PM
there's a new delivery bug
Final-Recipient: rfc822; cypherpunks@lists.cpunks.org
Status: 4.4.2 delayed
Diagnostic-Code: X-Postfix; lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting
participants (7): grarpamp, Greg Newby, John Newman, Mirimir, Punk, Razer, Zenaan Harkness