diff options
Diffstat (limited to 'issues.json')
| -rw-r--r-- | issues.json | 617 |
1 files changed, 617 insertions, 0 deletions
diff --git a/issues.json b/issues.json new file mode 100644 index 0000000..835589f --- /dev/null +++ b/issues.json @@ -0,0 +1,617 @@ +{ + "id": 12095, + "owner": { + "canonical_name": "~runxiyu", + "name": "runxiyu" + }, + "created": "2023-08-09T18:38:02+00:00", + "updated": "2023-08-09T18:38:02+00:00", + "name": "smlmp", + "description": "Tickets for the [Simple Mailing List Management Program](https://sr.ht/~runxiyu/smlmp)", + "labels": [ + + ], + "tickets": [ + { + "id": 6, + "created": "2023-07-15T19:29:44+00:00", + "updated": "2024-04-04T17:48:11+00:00", + "submitter": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ref": "~runxiyu/smlmp#6", + "subject": "No return path guarantee", + "body": "The `envelope_from` address which is used to direct bounces caught via the SenderReply exception is not guaranteed to be a valid return address. Some authentication-related checking may be necessary.\n\nWe could perhaps simply use the body `From` header's address for most SenderReply bounces (and also add `In-Reply-To` via `Message-ID`), but this won't be guarantee to if the original message fails DKIM. We need a better method to handle bounces before or during DKIM checks.\n\nIn the following exchange, an unauthorized server (`de.andrewyu.org`) attempts to make `mail.andrewyu.org` think that it's (as in make the latter think the former is) `mail.noisytoot.org`, and attempts to send mail as `andrew@noisytoot.org` in both the envelope and `From` header. It attempts to send to the user `alwaysbounce@andrewyu.org`, which has a local delivery agent script set in `.forward` that always fails, so Postfix should be handling the bounce.\n```\nandrew@de.andrewyu.org ~ $ nc mail.andrewyu.org 25\n220 mail.andrewyu.org ESMTP andrewyu.org (Debian/GNU)\nHELO mail.noisytoot.org\n250 mail.andrewyu.org\nMAIL FROM: andrew@noisytoot.org\n250 2.1.0 Ok\nRCPT TO: alwaysbounce@andrewyu.org\n250 2.1.5 Ok\nDATA\n354 End data with <CR><LF>.<CR><LF>\nFrom: andrew@noisytoot.org\nTo: alwaysbounce@andrewyu.org\nSubject: Sending to an address that Postfix bounces, from an impersonated envelope from, and impersonated MIME From\n\nToo lazy to write content.\n.\n250 2.0.0 Ok: queued as 9372AFC0FE\n```\n\nWhen I then checked the mailbox for `andrew@noisytoot.org`, I found the bounce laying there. So apparently Postfix doesn't have a good way either.\n\nNow I'm thinking of checking SPF (alignment with envelope from) and such, but that has two problems:\n1. What if the sending user is already using a relay? We would be erroneously rejecting messages. Although most users don't do so.\n2. Even if we notice that their SPF fails, what are we going to do about it? Silently drop? Or exit abnormally so Postfix returns the email however it wants?", + "status": "REPORTED", + "resolution": "UNRESOLVED", + "labels": [ + + ], + "assignees": [ + + ], + "upstream": "https://todo.sr.ht", + "events": [ + { + "id": 251623, + "created": "2023-07-15T19:29:44+00:00", + "event_type": [ + "CREATED" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 6, + "comment": null, + "label": null, + "by_user": null, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + }, + { + "id": 251624, + "created": "2023-07-15T19:37:06+00:00", + "event_type": [ + "COMMENT" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 6, + "comment": { + "id": 102281, + "created": "2023-07-15T19:37:06+00:00", + "author": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "text": "If we act as our own receiving MTA and directly process connections from outside servers (which isn't hard in-and-of-itself, but would not easily and peacefully coexist with Postfix as only one process could bind to relevant ports such as 25), perhaps there's something in the SMTP envelope RFC that allows us to reject mail as we're reading through the DATA? (And of course, in that case we could easily reject invalid RCPT TO's.)\n\nIs it possible to let Postfix outright reject an email during DATA or immediatly after the end of DATA, instead of giving SMTP 250 Ok?\n" + }, + "label": null, + "by_user": null, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + }, + { + "id": 251625, + "created": "2023-07-15T19:50:25+00:00", + "event_type": [ + "COMMENT" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 6, + "comment": { + "id": 102282, + "created": "2023-07-15T19:50:25+00:00", + "author": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "text": "Or just delegate it to the MTA that launched our MDA.\n\n\n`pipe.8` says\n```\nCommand exit status codes are expected to follow the conventions defined\nin <sysexits.h>. Exit status 0 means normal successful completion.\n\nIn the case of a non-zero exit status, a limited amount of command\noutput is logged, and reported in a delivery status notification. When\nthe output begins with a 4.X.X or 5.X.X enhanced status code, the status\ncode takes precedence over the non-zero exit status (Postfix version 2.3\nand later).\n\nAfter successful delivery (zero exit status) a limited amount of command\noutput is logged, and reported in \"success\" delivery status\nnotifications (Postfix 3.0 and later). This command output is not\nexamined for the presence of an enhanced status code.\n```\n\nSimiler for `local.8`.\n" + }, + "label": null, + "by_user": null, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + }, + { + "id": 251626, + "created": "2023-07-16T03:53:56+00:00", + "event_type": [ + "COMMENT" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 6, + "comment": { + "id": 102283, + "created": "2023-07-16T03:53:56+00:00", + "author": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "text": "```\r\n19:31 <AndrewYu> Hi... how does a receiving MTA properly determine return path when needing to bounce?\r\n19:32 <AndrewYu> https://todo.sr.ht/~andrewyu/smlmp/6 context\r\n19:33 <lunaphyte> return path is just [yet another] fancy term for the envelope sender\r\n19:34 <lunaphyte> when an mta accepts a message, it records the envelope sender as part of its queuing process. if it decides to create a bounce message due to deliverability problem [or whatever], it references the envelope sender it recorded when it accepted the message\r\n19:37 <AndrewYu> Yes... My question is, how does the MTA determine the envelope sender to be valid. let me attempt to rephrase \r\n19:37 <lunaphyte> using other values to determine where to send bounce messages is a bad, bad, idea. please don't do that\r\n19:38 <lunaphyte> here is the actual question you need to be asking: \"why are there bounce messages getting generated?\"\r\n19:38 <lunaphyte> define\" valid\"\r\n19:51 [AndrewYu away: sleep]\r\n00:50 <AndrewYu> lunaphyte: My (custom) mailing list manager has detected a problem in a message and needs to reject the email \r\n01:38 <lunaphyte> what problem?\r\n01:57 <AndrewYu> Something like, \"this user does not have permission to send to this list\", or \"MIME attachments are not allowed\" \r\n02:16 <@rob0> the MLM typically sets its own envelope sender address. That's the address that receives list bounces.\r\n02:27 <pj> AndrewYu: I would recommend that you attempt to reject the message instead of sending a bounce, otherwise your server will become a backscatter source.\r\n02:31 <pj> It basically means that your MTA needs to have a mechanism to reject the message before it's queued, postfix can do this given the proper configuration, as well as most other major MTAs.\r\n02:34 <pj> !t AndrewYu backscatter\r\n02:34 <dig-dug> AndrewYu: backscatter: Backscatter are bounces sent to innocent systems. A spammer sent email in behalf of the victim's system. Undeliverable emails get bounced to the victim. See https://en.wikipedia.org/wiki/Backscatter_(email)\r\n03:10 <lunaphyte> your philosophy is flawed. do not accept messages and then decide if you want them. decide if you want them before you accept them, and if not, reject them\r\n03:11 <lunaphyte> why are you attempting to write more mailing list software? this is something that requires a comprehensive understanding of email, and how to operate email infrastructure responsibly\r\n03:12 <lunaphyte> a mailing list needs to require confirmed opt in before accepting messages from a given sender, which makes it easy to know if someone has permission to send to a list\r\n```" + }, + "label": null, + "by_user": null, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + }, + { + "id": 339606, + "created": "2024-04-04T17:48:10+00:00", + "event_type": [ + "TICKET_MENTIONED" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": null, + "ticket_id": 6, + "comment": { + "id": 121476, + "created": "2024-04-04T17:48:09+00:00", + "author": { + "type": "user", + "user_id": 21372, + "canonical_name": "~tsdh", + "name": "tsdh" + }, + "text": "*Tassilo Horn referenced this ticket in commit [e6a4ce1].*\n\n[e6a4ce1]: https://git.sr.ht/~tsdh/highlight-parentheses.el/commit/e6a4ce1 \"Improve fix for #6 by always running the highlight fn in the right buffer\"" + }, + "label": null, + "by_user": { + "type": "user", + "user_id": 21372, + "canonical_name": "~tsdh", + "name": "tsdh" + }, + "from_ticket_id": 6, + "upstream": "https://todo.sr.ht" + }, + { + "id": 341999, + "created": "2024-04-04T17:48:12+00:00", + "event_type": [ + "TICKET_MENTIONED" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": null, + "ticket_id": 6, + "comment": { + "id": 121477, + "created": "2024-04-04T17:48:11+00:00", + "author": { + "type": "user", + "user_id": 21372, + "canonical_name": "~tsdh", + "name": "tsdh" + }, + "text": "*Tassilo Horn referenced this ticket in commit [e6a4ce1].*\n\n[e6a4ce1]: https://git.sr.ht/~tsdh/highlight-parentheses.el/commit/e6a4ce1 \"Improve fix for #6 by always running the highlight fn in the right buffer\"" + }, + "label": null, + "by_user": { + "type": "user", + "user_id": 21372, + "canonical_name": "~tsdh", + "name": "tsdh" + }, + "from_ticket_id": 5, + "upstream": "https://todo.sr.ht" + } + ] + }, + { + "id": 5, + "created": "2023-07-14T18:29:42+00:00", + "updated": "2023-07-14T19:17:15+00:00", + "submitter": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ref": "~runxiyu/smlmp#5", + "subject": "Validate database and configuration", + "body": "<!--\nPlease enter the subject of the new ticket above. The subject line\ncan be followed by a blank line and a Markdown description. An\nempty subject aborts the ticket.\n-->\n\nCurrently, the database and configuration are assumed to be in a consistent and correct state. If users manually edit them, however, the configuration may be in a broken state (e.g. selectors have values that are other than their correct options, numbers being negative, etc.). We therefore need to implement validation to better hangle these edge cases, perhaps by reporting errors to the instance administrator.", + "status": "REPORTED", + "resolution": "UNRESOLVED", + "labels": [ + + ], + "assignees": [ + + ], + "upstream": "https://todo.sr.ht", + "events": [ + { + "id": 251620, + "created": "2023-07-14T18:29:42+00:00", + "event_type": [ + "CREATED" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 5, + "comment": null, + "label": null, + "by_user": null, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + }, + { + "id": 251621, + "created": "2023-07-14T19:17:15+00:00", + "event_type": [ + "ASSIGNED_USER" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 5, + "comment": null, + "label": null, + "by_user": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + } + ] + }, + { + "id": 7, + "created": "2023-07-15T19:50:40+00:00", + "updated": "2023-07-15T19:50:40+00:00", + "submitter": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ref": "~runxiyu/smlmp#7", + "subject": "Consider LMTP", + "body": "", + "status": "REPORTED", + "resolution": "UNRESOLVED", + "labels": [ + + ], + "assignees": [ + + ], + "upstream": "https://todo.sr.ht", + "events": [ + { + "id": 251622, + "created": "2023-07-15T19:50:40+00:00", + "event_type": [ + "CREATED" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 7, + "comment": null, + "label": null, + "by_user": null, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + } + ] + }, + { + "id": 1, + "created": "2023-07-13T04:06:10+00:00", + "updated": "2023-07-15T18:32:38+00:00", + "submitter": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ref": "~runxiyu/smlmp#1", + "subject": "Relay access denied", + "body": "<!--\nPlease enter the subject of the new ticket above. The subject line\ncan be followed by a blank line and a Markdown description. An\nempty subject aborts the ticket.\n-->\n\nA plain unauthenticated SMTP connection to `localhost:25` is an attempt to use the MTA as an open relay, which obviously won't work on properly configured MTAs.\n\nDemonstration:\n\n```\nandrew@andrewyu:~$ nc localhost 25\n220 mail.andrewyu.org ESMTP andrewyu.org (Debian/GNU)\nHELO mail.andrewyu.org\n250 mail.andrewyu.org\nMAIL FROM: andrew@andrewyu.org\n250 2.1.0 Ok\nRCPT TO: andrew@noisytoot.org\n554 5.7.1 <andrew@noisytoot.org>: Relay access denied\n```", + "status": "REPORTED", + "resolution": "UNRESOLVED", + "labels": [ + + ], + "assignees": [ + + ], + "upstream": "https://todo.sr.ht", + "events": [ + { + "id": 251612, + "created": "2023-07-13T04:06:10+00:00", + "event_type": [ + "CREATED" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 1, + "comment": null, + "label": null, + "by_user": null, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + }, + { + "id": 251613, + "created": "2023-07-13T04:06:32+00:00", + "event_type": [ + "ASSIGNED_USER" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 1, + "comment": null, + "label": null, + "by_user": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + }, + { + "id": 251614, + "created": "2023-07-14T19:28:43+00:00", + "event_type": [ + "COMMENT" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 1, + "comment": { + "id": 102279, + "created": "2023-07-14T19:28:43+00:00", + "author": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "text": "Make sure that `smtpd_relay_restrictions` in `main.cf` includes `permit_mynetworks` and things should work.\n\nHowever, I wonder how GNU Mailman and other MLMs do it, since I don't recall needing to permit local relaying when using Mailman 2's SMTPDirect. Relying on relay access seems to be incorrect.\n" + }, + "label": null, + "by_user": null, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + }, + { + "id": 251615, + "created": "2023-07-15T18:32:38+00:00", + "event_type": [ + "COMMENT" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 1, + "comment": { + "id": 102280, + "created": "2023-07-15T18:32:38+00:00", + "author": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "text": "Please note that `permit_mynetworks` must come BEFORE any relevant `reject...` clauses such as `reject_unauth_destination`. Otherwise the email will be rejected.\n" + }, + "label": null, + "by_user": null, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + } + ] + }, + { + "id": 2, + "created": "2023-07-13T05:14:44+00:00", + "updated": "2023-07-13T05:19:18+00:00", + "submitter": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ref": "~runxiyu/smlmp#2", + "subject": "Use Authentication-Results header", + "body": "The `Authentication-Results` header is provided by many MTAs (such as Postfix with OpenDKIM). When such a header is found, it should be used, instead of the program attempting to use the `dkimpy` module to re-verify DKIM.\n\nBy default, OpenDKIM only adds `Authentication-Results` when the originating domain has a \"signs all\" policy. Add `AlwaysAddARHeader yes` to `opendkim.conf` to override this. However, note that `Authentication-Results` would NOT be added to mail sent by the MTA to a user on itself, since it'd be signing rather than verifying in its pass through OpenDKIM. In this case, the `Authentication-Results` header would be completely missing, rather than some variation of `none` or `fail`. Is it safe to assert that the email comes from our own server in this situation?", + "status": "REPORTED", + "resolution": "UNRESOLVED", + "labels": [ + + ], + "assignees": [ + + ], + "upstream": "https://todo.sr.ht", + "events": [ + { + "id": 251616, + "created": "2023-07-13T05:19:18+00:00", + "event_type": [ + "ASSIGNED_USER" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 2, + "comment": null, + "label": null, + "by_user": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + }, + { + "id": 251617, + "created": "2023-07-13T05:14:44+00:00", + "event_type": [ + "CREATED" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 2, + "comment": null, + "label": null, + "by_user": null, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + } + ] + }, + { + "id": 3, + "created": "2023-07-13T05:19:02+00:00", + "updated": "2023-07-13T05:19:12+00:00", + "submitter": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ref": "~runxiyu/smlmp#3", + "subject": "Local command archive delivery", + "body": "While the support for an external archive via email forwarding will still be supported (I mean, probably...), using this to deliver to a user that runs public-inbox in `.forward`, which requires public-inbox to read the `List-ID` header to identify mailing lists, is a security vulnerability as malicious users who want to inject content into the mailing list archives could send email with `List-ID` directly to the public inbox user.\n\nArchival should support calling local mail delivery agents, setting necessary environment variables (especially `ORIGINAL_RECIPIENT`) as appropriate.", + "status": "REPORTED", + "resolution": "UNRESOLVED", + "labels": [ + + ], + "assignees": [ + + ], + "upstream": "https://todo.sr.ht", + "events": [ + { + "id": 251618, + "created": "2023-07-13T05:19:02+00:00", + "event_type": [ + "CREATED" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 3, + "comment": null, + "label": null, + "by_user": null, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + }, + { + "id": 251619, + "created": "2023-07-13T05:19:12+00:00", + "event_type": [ + "ASSIGNED_USER" + ], + "old_status": null, + "old_resolution": null, + "new_status": null, + "new_resolution": null, + "participant": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "ticket_id": 3, + "comment": null, + "label": null, + "by_user": { + "type": "email", + "address": "andrew@andrewyu.org", + "name": "~andrewyu" + }, + "from_ticket_id": null, + "upstream": "https://todo.sr.ht" + } + ] + } + ] +} |