Launchpad itself

Dead email accounts cause launchpad to mailbomb and crush subscriber inboxes

Bug #114384 reported by Sitsofe Wheeler
6
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Critical
Björn Tillenius

Bug Description

Description of the problem:
Bug #74252 seems to have a subscriber whose email address no longer exists on it and mail sent to that address bounces back causing a staggering number of comments to be added to that bug report and completely crushes one's email inbox.

To rub salt into the wound, Bug #74252 was been marked a duplicate of the most duped launchpad bug (Bug #72018 ) which has a very large number of (perhaps now angry) subscribers who are all likely to have been hit by this.

Tags: lp-bugs
DarkMageZ (darkmagez)
Changed in malone:
status: Unconfirmed → Confirmed
Revision history for this message
Sitsofe Wheeler (sitsofe) wrote :

I guess at a bare minimum launchpad should have some rate control on the number of comments that can be received consecutively by email to a single bug report in a one hour period. The potential for abuse is also there because you could sign up someone else's account then set this problem off...

Revision history for this message
James Henstridge (jamesh) wrote :

Note that the bug mail sent out by Launchpad set the envelope sender to a separate email address (<email address hidden>), and also set the Errors-to: header.

The problem account appears to be https://launchpad.net/~nomorespam (which has its email addresses hidden -- will need admins to check this) who is a direct subscriber of bug 71657. Looking at the ubuntu-bugs mailing list archive, I find the following message for that bug:
    https://lists.ubuntu.com/archives/ubuntu-bugs/2006-November/343736.html

Now that message claims to be from an @gmail.com address, but the errors come from @shell.visi.com, so it is possible that there is a broken forwarder somewhere.

Matthew Paul Thomas (mpt)
Changed in malone:
importance: Undecided → High
Revision history for this message
Matthew Paul Thomas (mpt) wrote :

Why were comments on a duplicate bug report being sent to subscribers of the original bug report? That doesn't seem like a good idea.

Revision history for this message
Sitsofe Wheeler (sitsofe) wrote :

Matthew:
I guess it is so that any comments are seen by the widest array of related people - e.g. if someone doesn't know they should post to the original bug their comments will still be seen. It also means that if someone says "hang on this bug isn't a duplicate" again a larger number of people will see that comment.

Revision history for this message
Björn Tillenius (bjornt) wrote : Re: [Bug 114384] Re: Dead email accounts cause launchpad to mailbomb and crush subscriber inboxes

On Sun, May 13, 2007 at 10:36:58AM -0000, James Henstridge wrote:
> Now that message claims to be from an @gmail.com address, but the errors
> come from @shell.visi.com, so it is possible that there is a broken
> forwarder somewhere.

I've looked at the e-mail that was received by Launchpad, and it's
indeed a broken forwarder; it doesn't send any obvious headers we can
look for to determine that it's not a valid comment. I'm looking into
how to handle this better.

Changed in malone:
assignee: nobody → bjornt
status: Confirmed → In Progress
Revision history for this message
Matthew Paul Thomas (mpt) wrote :

My current bug page branch includes a hint, under the comment field in duplicate bug pages, that any further comments should be confined to the issue of whether it really is a duplicate. I think that's a better solution than broadcasting comments from all duplicates to subscribers to the original.

Revision history for this message
Sitsofe Wheeler (sitsofe) wrote :

Help... (Bug #114943 )

Revision history for this message
Björn Tillenius (bjornt) wrote :

Setting to critical since this happened again. I have a fix ready, just need to get it pushed out to the production servers.

Changed in malone:
importance: High → Critical
Revision history for this message
Björn Tillenius (bjornt) wrote :

Fixed in RF 4240.

Changed in malone:
status: In Progress → Fix Committed
Björn Tillenius (bjornt)
Changed in malone:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.