public inbox for [email protected]  

help / color / mirror / Atom feed

From: Alvaro Herrera <[email protected]>
To: Marc G. Fournier <[email protected]>
Cc: Marc G. Fournier <[email protected]>
Cc: w^3 <[email protected]>
Subject: Re: news gateway malfunctioning?
Date: Thu, 5 Mar 2009 10:27:28 -0300
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>

Marc G. Fournier wrote:
> On Wed, 4 Mar 2009, Alvaro Herrera wrote:
>
>> Lately I have gotten a number of moderation request for -hackers and
>> other lists that look like the attached message.  From the header it
>> looks to me like they are coming from the USENET gateway; I wonder
>> what's up with the "RCPT TO" stuff at the top of the body of the
>> message.  Is the gateway getting confused by the mangling done by the
>> spam checker?
>
> I'm a bit lost here, so bare with me ...
>
> First question, I guess, is whether there are othe rmessages showing up  
> that RCPT TO stuff, or is it just these types of 'spam' messages ... ?

As far as I can tell, it's only spam messages that are KOI8-R encoded.
Strangely no other spam message seems to suffer the same fate.  Maybe
something is buggy in the usenet gateway path that gets confused by a
KOI8-R escape sequence or something, and ends up inserting an extra
carriage return.

> The oddness here is that it almost looks like someone manually connected  
> to the smtp port and tried to inject the message manually ... and ended 
> up injecting the 'formatted message' that has all the SMTP cmds embeded 
> ...

Well, it's consistent enough that I doubt that's the case.  I attach a
pair of messages here.  As far as I can tell, they are both exactly the
same message, except that one was passed through the usenet gateway.

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

__ 
The following request:

  "(post to pgsql-hackers)"

was sent to postgresql.org
by [email protected] (=?koi8-r?B?88/T1MHXzMXOycUgzs/Nxc7LzMHU1dLZIMTFzA==?=).

The request requires your confirmation for the following reason(s):

  The author ([email protected] (=?koi8-r?B?88/T1MHXzMXOycUgzs/Nxc7LzMHU1dLZIMTFzA==?=))
  is not a member of any of the restrict_post groups.
  

To accept or reject this request, please do one of the following:

1. If you have web browsing capability, visit
   <http://mail.postgresql.org/mj/mj_confirm/domain=postgresql.org?t=AFDB-1B52-CAF6;
   and follow the instructions there.

2. Reply to [email protected] 
   with one of the following two commands in the body of the message:

    accept
    reject

   (The number AFDB-1B52-CAF6 must be in the Subject header)

3. Reply to [email protected] 
   with one of the following two commands in the body of the message:
   
    accept AFDB-1B52-CAF6
    reject AFDB-1B52-CAF6

4. If you know the administrative password for the pgsql-hackers list,
   all pending requests can be managed by visiting
   <http://mail.postgresql.org/mj/mj_wwwadm/domain=postgresql.org/pgsql-hackers?func=showtokens;

If you do not respond within 7 days, this token will expire,
and the request will not be completed.



Делопроизводство -  организация документооборота предприятия 
Вся информация по тел: [495] 792*--21 22, 4Ч5Ч05З

  
    18 Mарtа 2ОО9 г.
  

Программа мероприятия 1-й день: 

  Нормативно-правовые акты по делопроизводству. Основные категории документов. Создание Табеля унифицированных форм документов предприятия=
__ 
The following request:

  "(post to pgsql-hackers)"

was sent to postgresql.org
by [email protected].

The request requires your confirmation for the following reason(s):

  The author ([email protected])
  is not a member of any of the restrict_post groups.
  

To accept or reject this request, please do one of the following:

1. If you have web browsing capability, visit
   <http://mail.postgresql.org/mj/mj_confirm/domain=postgresql.org?t=B458-2AF8-2D95;
   and follow the instructions there.

2. Reply to [email protected] 
   with one of the following two commands in the body of the message:

    accept
    reject

   (The number B458-2AF8-2D95 must be in the Subject header)

3. Reply to [email protected] 
   with one of the following two commands in the body of the message:
   
    accept B458-2AF8-2D95
    reject B458-2AF8-2D95

4. If you know the administrative password for the pgsql-hackers list,
   all pending requests can be managed by visiting
   <http://mail.postgresql.org/mj/mj_wwwadm/domain=postgresql.org/pgsql-hackers?func=showtokens;

If you do not respond within 7 days, this token will expire,
and the request will not be completed.


MAIL FROM: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
DATA
MAIL FROM: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
DATA
Received: from 116.22.234.180 by fw.abbnm.com; Wed, 4 Mar 2009 23:34:32 +0800
Message-ID: <[email protected]>
From: =?koi8-r?B?6c3JxNYgz8bJ0y3Nxc7FxNbF0sE=?= <[email protected]>
To: <[email protected]>
Subject: =?koi8-r?B?5tXOy8PJz87BzNjO2cUgz8LR2sHOzs/T1MkgIMkg3NTJy8XUICDTzNXW?=
	=?koi8-r?B?xcLO2cggz9TOz9vFzsnKINPFy9LF1MHS0Q==?=
Date: Wed, 4 Mar 2009 23:34:32 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0007_01C99CDE.B7163B10"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2663

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C99CDE.B7163B10
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: quoted-printable


=EE=CF=D2=CD=C1=D4=C9=D7=CE=CF-=D0=D2=C1=D7=CF=D7=D9=C5 =C1=CB=D4=D9 =D0=CF=
 =C4=C5=CC=CF=D0=D2=CF=C9=DA=D7=CF=C4=D3=D4=D7=D5. =F0=D2=C1=CB=D4=C9=DE=C5=
=D3=CB=C1=D1 =D2=C1=C2=CF=D4=C1 =D3 =C4=CF=CB=D5=CD=C5=CE=D4=C1=CD=C9=20
=F0=CF =D7=CF=D0p=CFc=C1=CD =D0=CF=C4=D2=CF=C2=CE=CF=CA =C9=CE=C6=CF=D2=CD=C1=
=C3=C9=C9 =C9 p=C5=C7uc=D4=C1p=C1=C3uu =CF=C2p=C1=DD=C1=CA=D4=C5c=D8 =D0=CF=
 =D4=C5=CC: (495) 792-=C4=D7=C1=C4=C3=C1=D4=D8 =CF=C4=C9=CE-=C4=D7=C1=C4=C3=
=C1=D4=D8 =C4=D7=C1, 4=FE5-4=EF-=D0=D1=D4=D8=C4=C5=D3=D1=D8 =D4=D2=C9

 =20
    l8 M=C1rt=C1 2OO9 =C7.
 =20

=F0=D2=CF=C7=D2=C1=CD=CD=C1 =CD=C5=D2=CF=D0=D2=C9=D1=D4=C9=D1 1-=CA =C4=C5=CE=
=D8:=20

  =EE=CF=D2=CD=C1=D4=C9=D7=CE=CF-=D0=D2=C1=D7=CF=D7=D9=C5 =C1=CB=D4=D9 =D0=CF=
 =C4=C5=CC=CF=D0=D2=CF=C9=DA=D7=CF=C4=D3=D4=D7=D5. =EF=D3=CE=CF=D7=CE=D9=C5=
 =CB=C1=D4=C5=C7=CF=D2=C9=C9 =C4=CF=CB=D5=CD=C5=CE=D4=CF=D7. =F3=CF=DA=C4=C1=
=CE=C9=C5 =F4=C1=C2=C5=CC=D1 =D5=CE=C9=C6=C9=C3=C9=D2=CF=D7=C1=CE=CE=D9=C8 =
=C6=CF=D2=CD =C4=CF=CB=D5=CD=C5=CE=D4=CF=D7 =D0=D2=C5=C4=D0=D2=C9=D1=D4=C9=D1=

view thread (3+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: news gateway malfunctioning?
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox