Re: Passwords in plain text

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

> Date: Friday, June 15, 2018 14:55:21 -0700
> From: Akemi Yagi <amyagi@xxxxxxxxx>
>
> On Fri, Jun 15, 2018 at 9:57 AM, Gianluca Cecchi
> <gianluca.cecchi@xxxxxxxxx> wrote:
>> 
>> Il Ven 15 Giu 2018, 18:45 Larry Martell <larry.martell@xxxxxxxxx>
>> ha scritto:
>> 
>>> On Fri, Jun 15, 2018 at 12:41 PM rj coleman
>>> <rjcdevelop@xxxxxxxxx> wrote:
>>> 
>>> > Am I the only one who just received this email from this group?
>>> > Which came with my password in the email in plain text?
> 
>>> > > Your membership in the mailing list CentOS has been disabled
>>> > > due to excessive bounces The last bounce received from you
>>> > > was dated 15-Jun-2018.  You will not get any more messages
>>> > > from this list until you re-enable your membership.  You will
>>> > > receive 3 more reminders like this before your membership in
>>> > > the list is deleted.
>>> > > 
>>> I got it as well.
>>> 
>> Mee too
> 
> I also received the "has been disabled" notification. It looks like
> users with gmail addresses are affected.
> 
> CentOS admins are looking into this issue (I believe).
> 
> Akemi

I believe this is a DMARC issue. Yahoo, among other places, has set
their dmarc records to p=reject:

  dig +short txt _dmarc.yahoo.com
  "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc_y_rua@xxxxxxxxx;";

So, if your mail hosting provider enforces dmarc,(gmail does) and you
get mail from a list that doesn't rewrite the headers, and people
from places like yahoo post to the list, you'll likely get some form
of warning about being being kicked off the mailing list every now
and then. The frequency depends on how often people from p=reject
places post, and what the settings are for bounce handling of the
mailing list in question.

I believe that the current version of mailman can be configured to do
the necessary header rewrites. Some lists I'm on only do the rewrites
for headers of posts coming from p=reject sites (much less annoying
than having them all rewritten).


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux