[Owasp-board] Mailman Update

Matt Tesauro matt.tesauro at owasp.org
Wed Jun 6 14:37:15 UTC 2012


Tom:  You now have access to Barracuda - look for an email shortly with
your account access.  I only found the place to add users last night when
trying to add Achim.  Does this mean you do no want to migrate Mailman to
OSL?

Achim Hoffmann emailed me directly yesterday offering to sort out the
Mailman issues and I've given him access this AM.  I am using this email to
assist in coordination so that we are not stepping on others toes.

The primary issue we are having currently is that Sendmail on
lists.owasp.org is getting overwhelmed by the Barracuda filter for inbound
emails to lists.owasp.org.  Sendmail is refusing connections with "421
4.3.2 Connection rate limit exceeded.".  I had some direct messages with
David from the leaders list about tweaks to the Sendmail configuration.
 I've made the suggested changes but we are still getting messages spooled
on Barracuda as of this AM.  I have been manually forwarding the 1% that
are not blatant SPAM.

There are definitely many bounces caused by the lack of an MX record on
mail.owasp.org but that is a secondary issue for Mailman in my opinion.  We
get thousands of bounces daily.

--
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site


On Wed, Jun 6, 2012 at 8:26 AM, Tom Brennan <tomb at owasp.org> wrote:

> MAILMAN UPDATE
>
> When a mail is sent to   xxxx.lists.owasp.org the first stop is:
>
> lists.owasp.org mail exchanger = 10 d15006a.ess.barracudanetworks.com
> 64.235.150.197<http://www.mxtoolbox.com/SuperTool.aspx?action=mx%3alists.owasp.org#>
> lists.owasp.org mail exchanger = 20 d15006b.ess.barracudanetworks.com
> 64.235.150.197<http://www.mxtoolbox.com/SuperTool.aspx?action=mx%3alists.owasp.org#>
>
> ** Yes both MX records point to the same IP
>
> Then the mail is scrubbed and if passes the smell test forward to what IP
> address at Rackspace (see config in the barracuda mail appliance)  There is
> a A record in DNS pointing to lists.owasp.org @ 50.56.58.227 this is at
> Rackspace http://whois.domaintools.com/50.56.58.227
>
> We are running version:  2.1.13, current version is: The current stable
> GNU Mailman version is 2.1.15rc1, released on 15-May-2012.
>
> Since I do not have console access to either the Barracuda appliance the
> host can you provide a reply with the config file (Mailman/mm_cfg.py
> configuration file) and also screen shots of the Barracuda config., this
> can then be reviewed and map it to best practices mapped to what Barry has
> wrote: http://www.gnu.org/software/mailman/mailman-install.pdf  *Another
> thread - shot a note to Barry Warsaw for a recommendation for a 3rd party
> admin moving forward.
>
> In addition we should then publish a recommended config for each list that
> is managed by a project leader or a chapter to ensure that a best practice
> is implemented. If this can be "forced" better.
>
> Separate from lists.owasp.org, our googleapps config has a inbound
> gateway set as 216.48.3.18,216.48.3.19 (see screenshot) <-- these IP
> addresses are UNKNOWN to me and during this review we should consider
> removing them from the mail config.  Perhaps *Larry* remembers what he put
> these in place for (also see attached)  /
> http://whois.domaintools.com/216.48.3.18 otherwise these will be removed
> on Friday 8-June
>
> Thank in advance Matt, Larry -- this migration has been a bumpy one and
> still is not completed but June is the month so I don't have to goto
> Blackhat/Defcon and be poked on how OWASP can't run a simple mailman <grin>
>
> =======
>
> Since we also have "managed hosting" by Rackspace I would be happy to work
> the ticket with them as well but based on what we are paying for, i believe
> this is out of scope?
>
> *
> *
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20120606/c79b1dba/attachment-0002.html>


More information about the Owasp-board mailing list