2023-08-04T07:24:39  *** teepee_ is now known as teepee
2023-08-04T10:15:59  *** krop[m]111111114 is now known as krop[m]
2023-08-04T13:02:39  *** Leothelion[m] is now known as leothelion_0[m]
2023-08-04T13:35:39  <mcepl[m]> Jacob Michalskie: Thank you.
2023-08-04T15:33:59  *** teepee_ is now known as teepee
2023-08-04T15:53:45  <knurpht-Gertjan[> <luc14n0> "lcp: And I still see messages..." <- God here: no idea.
2023-08-04T16:11:52  * luc14n0 desperately shouts "We are doomed! The bridge is doomed!" 😛
2023-08-04T16:37:30  <pjessen>  /msg NickServ IDENTIFY pjessen S0mmary1,
2023-08-04T16:38:20  <krop> someone needs to change his password
2023-08-04T16:38:25  <pjessen> is there a login problem on mailman3?  my sudo password is not accepted
2023-08-04T16:38:46  <pjessen> krop: was the wrong one anyway
2023-08-04T17:56:45  <acidsys> pjessen: checking
2023-08-04T17:59:08  <acidsys> ah, I know how this happened. there were leftover pam configurations from when this was a Leap machine which caused error messages. hence I reset the pam configuration, but forgot to reinstall the snippets for sssd. let me have salt do that
2023-08-04T18:02:27  <acidsys> now it works again
2023-08-04T18:11:54  <pjessen> acidsys: tnx
2023-08-04T18:17:51  <pjessen> acidsys: it works
2023-08-04T18:19:41  <acidsys> cool
2023-08-04T18:19:57  <acidsys> btw; careful with the packages on mailman3, I haven't yet polished my foo
2023-08-04T18:24:38  <pjessen> okay
2023-08-04T18:54:32  *** penguinpointe[m4 is now known as maddisonz0[m]
2023-08-04T21:54:03  <luc14n0> I'm trying to understand how (random) people manage to send emails using our admin address. Any pointers?
2023-08-04T21:54:49  * luc14n0 is reading one of those emails' source to find out whether such emails pass by our servers at some point!
2023-08-04T21:57:26  <luc14n0> I know that at least to receive emails from opensuse dot org aliases, emails pass by our servers to be forwarded to our chosen email, right?
2023-08-04T22:03:19  <acidsys> people send email _using_ admin@o.o ?
2023-08-04T22:04:39  <acidsys> we have a SPF which should tell well behaved mailservers to not accept mail from @opensuse.org if it's not from a trusted server
2023-08-04T22:05:48  <acidsys> actually we have it set to inactive if I interpret "?all" right
2023-08-04T22:06:56  <acidsys> in which case it is possible to maliciously send with @opensuse.org as the sender
2023-08-04T22:11:38  <luc14n0> The email I'm looking at was maliciously sent by admin at opensuse to... admin at opensuse - thus opening a ticket.
2023-08-04T22:13:27  <acidsys> ah probably just the From address .. does Redmine give you the email source?
2023-08-04T22:14:35  <luc14n0> No, Outlook does.
2023-08-04T22:14:40  <luc14n0> Let me paste it.
2023-08-04T22:16:21  <acidsys> huh how would you access the admin@opensuse.org inbox
2023-08-04T22:16:24  <heridahamster[m]> Lol
2023-08-04T22:17:12  <luc14n0> I got rid of the body of the message to make it shorter: https://paste.opensuse.org/pastes/11c368f0af51
2023-08-04T22:19:25  <acidsys> hm but that's just the notification mail you receive or is it what actually was sent by that person?
2023-08-04T22:19:25  <luc14n0> But it might not have the whole truth there, since I've received the email from redmine?
2023-08-04T22:19:39  *** teepee_ is now known as teepee
2023-08-04T22:19:45  <acidsys> I think so yes
2023-08-04T22:20:11  <luc14n0> No, not redmine. It's our mailing list.
2023-08-04T22:21:46  <acidsys> are you subscribed to admin@opensuse.org ?
2023-08-04T22:22:00  <luc14n0> Yes.
2023-08-04T22:22:03  <acidsys> I receive the emails as Redmine notifications but you seem to actually receive stuff from the mailing list
2023-08-04T22:22:12  <acidsys> I didn't know it was possible to subscribe to that
2023-08-04T22:22:23  <acidsys> so then if you had redmine notifications enabled as well you would receive it twice
2023-08-04T22:23:24  <acidsys> this is how the notifications look like https://paste.opensuse.org/pastes/1dcdfd702320
2023-08-04T22:25:20  <luc14n0> Yeah, in Redmine I don't subscribe to "For any event ...".
2023-08-04T22:26:42  <luc14n0> And I even manage to unsubcribe to some stuff, since I get the actual email.
2023-08-04T22:28:12  <luc14n0> Hmm, I see "X-Spam-Virus: No" from my paste. Spamassassin let it pass, unfortunately (I don't know how Spamassassin works, TBF).
2023-08-04T22:28:52  <luc14n0> s/X-Spam-Virus/X-Spam-Status: No
2023-08-04T22:30:28  <luc14n0> Found it! The perpetrator: Received: from v-192-223-25-73.unman-vds.premium-seattle.nfoservers.com ([192.223.25.73]:52951) by ns-73.awsdns-09.com with esmtpsa  (TLS1.3) tls TLS_AES_256_GCM_SHA384
2023-08-04T22:30:38  <acidsys> I was told we have loose spam filtering or none at all on admin@opensuse.org on purpose
2023-08-04T22:31:18  <luc14n0> I was told the same thing, actually.
2023-08-04T22:32:07  <luc14n0> But it would be interesting to block some addresses.
2023-08-04T22:32:29  <luc14n0> Some we are sure it shouldn't be used by anyone.
2023-08-04T22:32:54  <malcolmlewis> a lot get blocked by my email provider... a few come through and into the trash bin..
2023-08-04T22:34:20  <luc14n0> Mine too, if it's the first time a given recipient reaches me.
2023-08-04T22:35:30  <malcolmlewis> I just received the daily summary and see three in there
2023-08-04T22:36:21  <luc14n0> But the issue here is what reaches us through admin opensuse org. Specifically some addresses that shouldn't be used in the first place.
2023-08-04T22:37:23  <malcolmlewis> I se one there from admin@o.o, is that what your talking about?
2023-08-04T22:39:10  <luc14n0> The one I'm talking about was presented as "Server <admin opensuse org>".
2023-08-04T22:39:45  <luc14n0> About password expiration.
2023-08-04T22:39:58  <malcolmlewis> luc14n0, yup, it was blocked, that's the one I'm referring too as well...
2023-08-04T22:44:37  <luc14n0> Let me try to send an email using our admin address.
2023-08-04T22:47:12  * malcolmlewis waits for new mail...
2023-08-04T22:53:50  <malcolmlewis> luc14n0, I see a earlier 'received from' entry? https://paste.opensuse.org/pastes/34e4d3f519b0
2023-08-04T22:54:38  <malcolmlewis> which is a known spam ip...
2023-08-04T22:56:56  <luc14n0> malcolmlewis: Yes, that's the one I pointed. It came from some AWS and our Postfix sent it.
2023-08-04T22:58:54  <malcolmlewis> luc14n0, not that one you posted, I see 173.236.106.137
2023-08-04T22:59:20  <malcolmlewis> then the one you posted
2023-08-04T23:01:40  <luc14n0> There the same.
2023-08-04T23:01:47  <luc14n0> They're*
2023-08-04T23:04:02  <malcolmlewis> luc14n0, and a butt load of open ports...  https://paste.opensuse.org/pastes/f48ee3ca3b53
2023-08-04T23:06:08  <luc14n0> Oh yeah. Security is not tight over there. And BTW, it seems one must have to be running a mail server to send as admin opensuse org. Outlook didn't let me, neither msmtp.
2023-08-04T23:06:53  <malcolmlewis> luc14n0, telnet...
2023-08-04T23:13:19  * luc14n0 nods!