r3 - 2007-12-27 - 00:30:48 - BradKnowles
The NTP Project uses the industry-standard Mailman mailing list management software.

Mailman includes many features that make it easier for users to subscribe and post to the lists they want and to see messages from mailing lists they are interested in; for moderators to view incoming messages that are waiting to be posted; for administrators to monitor and manage existing mailing lists and create new ones; and for list owners and site administrators to set very flexible policies and procedures for handling various kinds of desirable or undesirable traffic. A longer list of features can be found at http://www.list.org/features.html.

An index of our public mailing lists can be found at http://lists.ntp.org/. All of these mailing lists have publicly accessible archives, which can be read by subscribers and non-subscribers alike, without any requirement to provide a login or password.

The AntiSpam measures which are implemented on the ntp.org mail system are applied across the board before the messages are handed off to Mailman, where additional anti-spam or other controls may be implemented on either a site-wide or list-specific basis using internal Mailman-specific methods. This is a necessary side-effect of the only method supported by Mailman for integration with an Internet e-mail system. Some of the additional Mailman anti-spam measures include:

  • Moderation
    • For most mailing lists, posts from non-subscribers are held for moderation (by default)
      • For certain specific mailing lists, posts from non-subscribers are rejected (by default)
    • New subscribers are moderated by default
      • Once the subscriber demonstrates that they are a human being and not a program, and that they are capable of posting messages that are at least minimally on-topic and not some form of spam, their "moderation bit" will be cleared, and they will be able to post messages in the future without going through the moderation system
    • We make every effort to check the moderation queues for all mailing lists on a timely basis
      • Usually at least once a day, sometimes twice a day or more
    • For those messages which are rejected by the moderator, we try to provide a good explanation as to why it was rejected
    • Once a message has entered a moderation queue, the sender will be sent a short message indicating this fact and providing more information that they may find useful, while they wait for action to be taken by a human moderator
      • The system has built-in limits so that it does not send back more than a certain number of notices per day to the same address, so as to reduce the risk of our systems being used as a way of attacking someone else (see "Joe Job")
  • Content types
    • Most mailing lists are restricted to plain ASCII text
      • Messages posted in HTML format will be converted to ASCII text before being posted to the list
    • Cryptographic signatures of recognized types are considered to be approved content and allowed through
    • Unapproved content types (i.e., most "attachments") will be stripped
  • Message size
    • Most mailing lists are relatively restricted in terms of the maximum size of message they will accept
      • Messages that are larger than this limit will be placed in the moderation queue, and the sender will be notified
  • Too many recipients
    • If a message comes in that has been addressed to a large number of recipients (including one or more of the mailing lists), then it will be rejected or placed in the moderation queue, as appropriate for that particular list
      • In this case, "large" usually means ten or more recipients listed in the "To:" or "Cc:" header fields
  • Implicit addressing
    • If a message is received that does not explicitly list the mailing list address as a recipient in either the "To:" or "Cc:" header fields, then it will be rejected or placed in the moderation queue, as appropriate for that particular list
  • Whitelists & Blacklists
    • Additional white or black lists are maintained and used within Mailman on a per-list basis
      • Messages coming from an address on the white list will be allowed through without moderation, even if the sender is not a subscriber to the list
      • Messages coming from an address on the black list will be rejected or discarded by Mailman, according to the list configuration
  • Additional anti-spam rules may be applied (see the Mailman documentation)
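The moderation, recipient-count, implicit-addressing, size and white/black list rules above can be read as one triage decision per incoming message. The sketch below is an added example, not Mailman's code or the ntp.org configuration; the list address, the size limit, the sample addresses and the order of the checks are assumptions, and content-type filtering is left out.

```python
from email import message_from_string
from email.utils import getaddresses

LIST_ADDR = "questions@lists.example.org"  # hypothetical list address
MAX_RECIPIENTS = 10          # page: "ten or more" in To:/Cc: is "large"
MAX_SIZE_BYTES = 40 * 1024   # assumed limit; the page states no figure

def triage(raw, members, moderated, whitelist, blacklist):
    """Return (action, reason) for one raw message; check order is assumed."""
    msg = message_from_string(raw)
    frm = getaddresses(msg.get_all("From", []))
    sender = frm[0][1].lower() if frm else ""
    rcpts = [addr.lower() for _, addr in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    if sender in blacklist:
        return ("reject", "sender on list blacklist")
    if len(rcpts) >= MAX_RECIPIENTS:
        return ("hold", "too many recipients")
    if LIST_ADDR not in rcpts:
        return ("hold", "list not named in To: or Cc:")
    if len(raw.encode("utf-8")) > MAX_SIZE_BYTES:
        return ("hold", "message over size limit")
    if sender in whitelist:
        return ("accept", "sender on list whitelist")
    if sender not in members:
        return ("hold", "post from non-subscriber")
    if sender in moderated:
        return ("hold", "subscriber still has moderation bit set")
    return ("accept", "subscriber with moderation bit cleared")

def make(sender, to, cc="", body="On-topic question about ntpd."):
    """Build a constructed sample message (not real list traffic)."""
    head = f"From: {sender}\nTo: {to}\n" + (f"Cc: {cc}\n" if cc else "")
    return head + "Subject: sample\n\n" + body

# Constructed sample data used by the demo below.
MEMBERS = {"alice@example.com", "newbie@example.com"}
MODERATED = {"newbie@example.com"}
WHITE = {"vendor@example.net"}
BLACK = {"spammer@example.org"}

if __name__ == "__main__":
    for who in ("alice@example.com", "newbie@example.com",
                "stranger@example.com", "vendor@example.net",
                "spammer@example.org"):
        print(who, triage(make(who, LIST_ADDR), MEMBERS, MODERATED, WHITE, BLACK))
```

A message addressed to the list plus nine other recipients reaches the ten-recipient threshold and is held even when the sender is an unmoderated subscriber.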

Note that all mailing lists at this site are operated on an opt-in basis only. We work very hard to keep spam from getting into the system from the outside world, and we work very hard to keep our mailing lists from being used to abuse or spam others.

The NTP Project also hosts one IETF mailing list, for the NTP Working Group. The list is located at https://lists.ntp.org/mailman/listinfo/ntpwg and our TWiki Web is at http://support.ntp.org/bin/view/IETF/WebHome. Details on how the above issues are addressed with regard to the NTPWG list can be found at IetfMailingLists.

Please contact our Postmaster Services Team if you have any further questions regarding any mailing list hosted at our site.

-- BradKnowles - 21 Dec 2007
