[Owasp-board] Got another 50 Bounces today.

Matt Tesauro matt.tesauro at owasp.org
Thu Apr 5 14:03:12 UTC 2012


Resending from right account.  Sorry for dupes.

On Thu, Apr 5, 2012 at 9:02 AM, Matt Tesauro <mtesauro at gmail.com> wrote:

> That list is not the only one.   I can talk about what I think is going on
> during the board meeting.
>
> It looks like the message Fabio sent with the subject "[Owasp-ireland]
> OWASP Ireland Event - Slides now available " to djhuges at bigfoot.com and
> mail at mailrespository.com is in a mail loop.  I can see a deferred request
> that is continuing to spool and get deferred.  If possible, whoever is the
> admin for that list _should_ be able to kill that message or remove those
> addresses from that list.  If they are legit, then you can manually add
> them back to the list but I'd wait a bit to allow the mail queue to clear.
>
> I can try and find time to see if I can remove it from the queue via the
> Mailman command line admin tools. However, I have no experience doing this
> and therefore no idea how long it will take if it is even possible.
>
> --
> -- Matt Tesauro
> OWASP International Foundation Board Member and Treasurer
>
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
>
>
> On Thu, Apr 5, 2012 at 8:51 AM, Eoin <eoin.keary at owasp.org> wrote:
>
>> Thanks Matt,
>> So why is the Ireland list getting 100's of bounce emails?
>> Eoin
>>
>>
>>
>>
>> On 5 April 2012 14:48, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>>
>>> Currently we have a poorly documented Mailman 2.x setup without an
>>> assigned administrator.
>>>
>>> Mailman 2.x stores passwords in a reversible (e.g. clear text) fashion.
>>>  So we can either:
>>>
>>> (1) Move to a different list management system/software
>>> (2) Create a patch for the 2.x branch of Mailman and patch our existing
>>> installation
>>> (3) Move to Mailman 3.x which is currently not the stable branch
>>> (4) Accept that Mailman has clear text passwords (it does say not to use
>>> an important password during signup)
>>>
>>> Each of these options will require some amount of work and we currently
>>> do not have an IT administrator for our systems.  I've been trying to put
>>> out fires with Mailman but by no means understand the current configuration
>>> and my total time admin'ing Mailman is the couple of times I've tried to
>>> fix broken things or combat spam.  If we as a board determine this is a
>>> large enough issue, someone will need to step up and manage whichever
>>> option is determined to be best.
>>>
>>>  --
>>> -- Matt Tesauro
>>> OWASP Board Member
>>> OWASP WTE Project Lead
>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>> http://AppSecLive.org <http://appseclive.org/> - Community and Download
>>> site
>>>
>>>
>>>
>>> On Thu, Apr 5, 2012 at 8:17 AM, Eoin <eoin.keary at owasp.org> wrote:
>>>
>>>> Password is also being sent in the clear.
>>>> What can we do??
>>>>
>>>>
>>>> Eoin Keary
>>>> BCC Risk Advisory
>>>> Owasp Global Board
>>>> +353 87 977 2988
>>>>
>>>>
>>>
>>
>>
>> --
>> Eoin Keary
>> OWASP Global Board Member (Vice Chair)
>>
>> https://twitter.com/EoinKeary
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20120405/5bdf2f8c/attachment.html>


More information about the Owasp-board mailing list