Re: tracker.ceph.com spam

On 08/06/2018 11:10 AM, David Galloway wrote:
> 
> 
> On 08/06/2018 10:55 AM, David Galloway wrote:
>>
>> On 08/03/2018 01:42 PM, David Galloway wrote:
>>> Hi all,
>>>
>>> Yesterday, tracker.ceph.com was the target of a spam attack.  The
>>> Redmine REST API was used to create bogus accounts which went on to
>>> create over a thousand bogus Redmine issues.  The API was disabled
>>> yesterday morning to stop the attack.
>>>
>>> I've put some measures in place this morning to rate limit account
>>> creations and prevent issues from getting created via the API entirely.
>>> The API was re-enabled around 13:30 UTC today.
>>>
>>> A remaining side effect of the attack is the VM which Redmine is hosted
>>> on has been blocked from sending outgoing e-mails.  All outgoing e-mail
>>> has been deferred since yesterday at 11:41 UTC.
>>>
>>
>> Outgoing mail is being processed again.
> 
> I spoke too soon.  As soon as mail started going out again, we got
> blacklisted from all the queued mail going out at once.
> 
> I put some throttling in place and deleted all the outgoing messages
> with the spammer's domain in them.  Will hopefully be back in business soon.

Just wanted to provide an update on outgoing tracker e-mails.

Our IP kept getting blocked by OVH's automated anti-spam system within 2
e-mails after unblocking the IP.

I implemented an SPF DNS record as well as DKIM e-mail signing today as
per OVH's recommendation and the IP got blocked again.

I've asked OVH for additional recommendations on how to remedy the
situation.  So for now, unfortunately, tracker/Redmine is still blocked
from sending outgoing e-mails.

Really sorry for the inconvenience.


