Re: [ris-int] Reply-To forwarded to /dev/null in myASn messages
Hi,
... myASn can use reply-to address forwarded to /dev/null
Are we sure we want that? How often does it happen? Shouldn't there be follow by a risopsy when a notification fails to be delivered? (for permanent failures, either try to get in touch with representatives of the AS to correct the address, or deconfigure the alarm???) -- Rene
Hi guys,
Can we do this?
Arife
----- Forwarded message from Alexis Yushin <alexis@ripe.net> -----
From: Alexis Yushin <alexis@ripe.net> To: matthew@ripe.net (Matthew Williams) Subject: Re: [MAILER-DAEMON@ripe.net: Undelivered Mail Returned to Sender] Date: Wed, 14 Jul 2004 13:17:01 +0200 (CEST) Cc: alexis@ripe.net (Alexis Yushin), arife@ripe.net (Arife Vural), ris-int@ripe.net
Arife,
We need to add risops to the trusted users class in sendmail.cf on weesp. Something like
FEATURE(`use_ct_file') dnl
and
/etc/mail/trusted-users uucp root daemon risops
So myASn can use reply-to address forwarded to /dev/null
Alexis
Once Matthew Williams wrote:
Hi Alexis,
Working on this?
Cheers, Matthew
----- Forwarded message from Mail Delivery System <MAILER-DAEMON@ripe.net> -----
X-Recipient: <risops@ripe.net> Date: Tue, 13 Jul 2004 23:43:50 +0200 (CEST) From: MAILER-DAEMON@ripe.net (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: risops@ripe.net
Content-Description: Notification This is the Postfix program at host postman.ripe.net.
I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can delete your own text from the message returned below.
The Postfix program
<asnalarm@linkey.ru>: host mail.linkey.ru[213.159.99.4] said: 550 sorry, no mailbox here by that name (#5.1.1 - chkusr)
Content-Description: Delivery error report Reporting-MTA: dns; postman.ripe.net Arrival-Date: Tue, 13 Jul 2004 23:43:50 +0200 (CEST)
Final-Recipient: rfc822; asnalarm@linkey.ru Action: failed Status: 5.0.0 Diagnostic-Code: X-Postfix; host mail.linkey.ru[213.159.99.4] said: 550 sorry, no mailbox here by that name (#5.1.1 - chkusr)
Content-Description: Undelivered Message Date: Tue, 13 Jul 2004 21:43:49 GMT From: myASn Notifications <myasn@ripe.net> To: asnalarm@linkey.ru Subject: New alarms for 13302 X-RIPE-Spam-Level: X-RIPE-Spam-Status: N 0.111983 / 0.0 / 0.0 / disabled X-RIPE-Signature: b5599a70a52cbd8205f40bab1f24afd6
Dear myASn contact,
New alarms were detected for 13302. Please find the details below. Depending on your detail level settings you might not see all the events. Please use the web interface for further details.
-- myASn System
Transit alarm 713 (Transit), 213.159.96.0/19 (exceptions not shown), myASn: , Their ASn: , HDT: 60, HDE: 1, TTL: 3600 .=------+-----------------+---------+----------+---------------+--------------------------+--------------------------+------=. | RRC | Prefix | AS Path | Conflict | Peer | UTC First | UTC Last | Count | |=------+-----------------+---------+----------+---------------+--------------------------+--------------------------+------=| | rrc00 | 213.159.96.0/19 | | | 129.250.0.232 | Tue Jul 13 21:16:35 2004 | Tue Jul 13 21:16:35 2004 | 1 | '=------+-----------------+---------+----------+---------------+--------------------------+--------------------------+------='
----- End forwarded message -----
--
Matthew Williams Customer Liaison Engineer RIPE - Network Coordination Centre (www.ripe.net)
----- End forwarded message -----
Shouldn't there be follow by a risopsy when a notification fails to be delivered? (for permanent failures, either try
Quite unlikely, if I know that alarm notifications were successfully sent to my inbox. We could possibly set up a few fake risops accounts without fwd to /dev/null to monitor that the prob at least wasn't internal. If you have other ideas then pls share them :) Cheers, Matthew
-----Original Message----- From: ris-int-admin@ripe.net [mailto:ris-int-admin@ripe.net] On Behalf Of Rene Wilhelm Sent: 14 July 2004 14:32 To: Arife Vural Cc: ris-int@ripe.net Subject: Re: [ris-int] Reply-To forwarded to /dev/null in myASn messages
Hi,
... myASn can use reply-to address forwarded to /dev/null
Are we sure we want that? How often does it happen? Shouldn't there be follow by a risopsy when a notification fails to be delivered? (for permanent failures, either try to get in touch with representatives of the AS to correct the address, or deconfigure the alarm???)
-- Rene
Hi guys,
Can we do this?
Arife
----- Forwarded message from Alexis Yushin <alexis@ripe.net> -----
From: Alexis Yushin <alexis@ripe.net> To: matthew@ripe.net (Matthew Williams) Subject: Re: [MAILER-DAEMON@ripe.net: Undelivered Mail Returned to Sender] Date: Wed, 14 Jul 2004 13:17:01 +0200 (CEST) Cc: alexis@ripe.net (Alexis Yushin), arife@ripe.net (Arife Vural), ris-int@ripe.net
Arife,
We need to add risops to the trusted users class in sendmail.cf on weesp. Something like
FEATURE(`use_ct_file') dnl
and
/etc/mail/trusted-users uucp root daemon risops
So myASn can use reply-to address forwarded to /dev/null
Alexis
Once Matthew Williams wrote:
Hi Alexis,
Working on this?
Cheers, Matthew
----- Forwarded message from Mail Delivery System <MAILER-DAEMON@ripe.net> -----
X-Recipient: <risops@ripe.net> Date: Tue, 13 Jul 2004 23:43:50 +0200 (CEST) From: MAILER-DAEMON@ripe.net (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: risops@ripe.net
Content-Description: Notification This is the Postfix program at host postman.ripe.net.
I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can delete your own text from the message returned below.
The Postfix program
<asnalarm@linkey.ru>: host mail.linkey.ru[213.159.99.4] said: 550 sorry, no mailbox here by that name (#5.1.1 - chkusr)
Content-Description: Delivery error report Reporting-MTA: dns; postman.ripe.net Arrival-Date: Tue, 13 Jul 2004 23:43:50 +0200 (CEST)
Final-Recipient: rfc822; asnalarm@linkey.ru Action: failed Status: 5.0.0 Diagnostic-Code: X-Postfix; host mail.linkey.ru[213.159.99.4] said: 550 sorry, no mailbox here by that name (#5.1.1 - chkusr)
Content-Description: Undelivered Message Date: Tue, 13 Jul 2004 21:43:49 GMT From: myASn Notifications <myasn@ripe.net> To: asnalarm@linkey.ru Subject: New alarms for 13302 X-RIPE-Spam-Level: X-RIPE-Spam-Status: N 0.111983 / 0.0 / 0.0 / disabled X-RIPE-Signature: b5599a70a52cbd8205f40bab1f24afd6
Dear myASn contact,
New alarms were detected for 13302. Please find the details below. Depending on your detail level settings you might not see all the events. Please use the web interface for further details.
-- myASn System
Transit alarm 713 (Transit), 213.159.96.0/19 (exceptions not shown), myASn: , Their ASn: , HDT: 60, HDE: 1, TTL: 3600
.=------+-----------------+---------+----------+------------- --+--------------------------+--------------------------+------=.
| RRC | Prefix | AS Path | Conflict | Peer | UTC First | UTC Last | Count |
|=------+-----------------+---------+----------+------------- --+--------------------------+--------------------------+------=|
| rrc00 | 213.159.96.0/19 | | | 129.250.0.232 | Tue Jul 13 21:16:35 2004 | Tue Jul 13 21:16:35 2004 | 1 |
'=------+-----------------+---------+----------+---------------+-----
---------------------+--------------------------+------='
----- End forwarded message -----
--
Matthew Williams Customer Liaison Engineer RIPE - Network Coordination Centre (www.ripe.net)
----- End forwarded message -----
Rene Wilhelm wrote:
... myASn can use reply-to address forwarded to /dev/null
Are we sure we want that? How often does it happen? Shouldn't there be follow by a risopsy when a notification fails to be delivered? (for permanent failures, either try to get in touch with representatives of the AS to correct the address, or deconfigure the alarm???)
What about setting the Return-Path: and Reply-To: headers to different values? When mail bounces it goes to the address specified in Return-Path, but when a human replies, the mail goes to the address specified in Reply-To (or From if Reply-To is not present). So it could be: Return-Path: <bitbucket@ripe.net> [...] From: myASn <myasn@ripe.net> Reply-To: risops@ripe.net or something like that. If you want automatic bounce unsubscription, you could set the Return-Path to something like Return-Path: <myasn-bounce-colitti=dia.uniroma3.it@ripe.net> where "colitti=dia.uniroma3.it" is the address that the notification was sent to. Then you can hook up a script to all myasn-bounce-*@ripe.net mailboxes that automatically unsubscribes after one or more bounces. Cheers, Lorenzo -- --------------------------------------------------------- Lorenzo Colitti Ph.D student Computer Networks research group Roma Tre University colitti@dia.uniroma3.it +39-0655173215 ---------------------------------------------------------
[ Don't know if it got announced, but Arife added me to the ris-int list today. Yay! ] Lorenzo Colitti wrote:
Rene Wilhelm wrote:
... myASn can use reply-to address forwarded to /dev/null
Are we sure we want that? How often does it happen? Shouldn't there be follow by a risopsy when a notification fails to be delivered? (for permanent failures, either try to get in touch with representatives of the AS to correct the address, or deconfigure the alarm???)
What about setting the Return-Path: and Reply-To: headers to different values? When mail bounces it goes to the address specified in Return-Path, but when a human replies, the mail goes to the address specified in Reply-To (or From if Reply-To is not present).
So it could be:
Return-Path: <bitbucket@ripe.net> [...] From: myASn <myasn@ripe.net> Reply-To: risops@ripe.net
or something like that.
If you want automatic bounce unsubscription, you could set the Return-Path to something like
Return-Path: <myasn-bounce-colitti=dia.uniroma3.it@ripe.net>
where "colitti=dia.uniroma3.it" is the address that the notification was sent to. Then you can hook up a script to all myasn-bounce-*@ripe.net mailboxes that automatically unsubscribes after one or more bounces.
Interesting idea, although we need to take a bit of care security-wise. If we do an automatic unsubscribe, we'd need to: - Make the bound address non-predictable (hash with a secret would work): $ echo 'dia.uniroma3.it@ripe.net LotsOfRoutes' | md5sum 61081c9ee3097365710e7a0881f79e70 Return-Path <myasn-bounce-colitti=61081c9ee3097365710e7a0881f79e70@ripe.net> That way I couldn't unsubscribe you by sending to your bounce address, since I won't be able to guess what your bounce auto-unsubscribe is. It can still be found by anyone who can read your mail, but there's not much we can do about that. - Track this information so that the user can be notified when they log in that their alarms are no disabled, and for what reason, and what they can do about it. Also, what about temporary delays? Do those go to the "Return-Path:"? I'd hate for someone to get unsubscribed because they exceeded their disk quota and had a bounce that made it through 30 minutes later. -- Shane Kerr RIPE NCC
Shane Kerr wrote:
Interesting idea, although we need to take a bit of care security-wise. If we do an automatic unsubscribe, we'd need to:
- Make the bound address non-predictable (hash with a secret would work):
$ echo 'dia.uniroma3.it@ripe.net LotsOfRoutes' | md5sum 61081c9ee3097365710e7a0881f79e70
Return-Path <myasn-bounce-colitti=61081c9ee3097365710e7a0881f79e70@ripe.net>
That way I couldn't unsubscribe you by sending to your bounce address,
Hmm... yes, I hadn't thought of that. Well, I was 50% there, wasn't I? :)
Also, what about temporary delays? Do those go to the "Return-Path:"? I'd hate for someone to get unsubscribed because they exceeded their disk quota and had a bounce that made it through 30 minutes later.
I think so. But the only way to get around this is to keep state for every subscriber, right? Cheers, Lorenzo -- --------------------------------------------------------- Lorenzo Colitti Ph.D student Computer Networks research group Roma Tre University colitti@dia.uniroma3.it +39-0655173215 ---------------------------------------------------------
participants (4)
-
Lorenzo Colitti -
Matthew Williams -
Rene Wilhelm -
Shane Kerr