hey, simple question. mailgun what the fuck

i can’t fucking deliver an email to microsoft o365 but those fuckers can send 600k of them to @otter and it’s suddenly okay?????????

this is the 2nd time in 5 years of hosting this mail server that we run out of inodes on the drive

find the odd day out

@domi what happened

@pj some fucker tried subscribing @otter to some newsletter. 600k times, repeatedly

sometimes i think i’ve seen everything weird about running my infra and then this shit hits me

@domi @otter @pj well, at least you may rest in peace knowing that not having a captcha cost the newsletter authors at least $400 in mailgun charges

@domi I feel like there should be some DDoS protection if "host sends 100K+ emails" or "user address receives "10K+ emails in span of few hours"

@pj fair, altho this is the 1st time this happened >,<

i may draft a haraka plugin for it or sth

find . -type f -exec grep -l 'Please confirm your email subscriptions by completing your user registrati' {} \; | doas xargs rm

sigh one of those evenings

@domi why not grep -r only matching file names over doing a find?

@toast it felt slower when testing, but haven’t done a proper comparison. plus this one i can interrupt in the middle as it deletes files immediately, i think grep -r would cache the output?

@otter sorry about that, i cleaned up your mailbox from this spam. lmk if my script deleted anything that was actually important, we can restore from a backup

@domi shouldn’t I don’t think, the pipeline should still be parallel (so deleting files immediately)
I’d test myself but I’m currently unable to use a computer (a plague likely to last another week or two)

@toast hug hang tight

i’m done with this for tonight, so whatever. this worked. i’m going back to chilling

@pj @domi Makes me wonder if TCP rate limit could work for this, depends if they reuse the same connection or not.

@lanodan @pj my guess is that they send separate connections, but i’m not in the mood to look through Haraka logs

“i’m done with this for the evening” HAHAHA AS IF

tfw i don’t need to check what IP ranges mailgun uses, i just look at log as i input more and more iptables blocks. fuuuuuck this shiiiiit

@domi I guess it's time to resend these emails automatically back to abuse@mailgun.com with full headers.

@BluRaf if i’d resend all of them i’d just get blocked by their abuse system.

this shit is rigged

@domi i guess it’s a mail shotgun

@domi well… it's called mail **gun**

@domi Hope you get a handle on it soon. It sucks to invest time in such things.

@domi Unlimited Mail Works

@domi true, probably also would need to communicate to all (current and future) users that "hey, default limit is sending/receiving 1k mph (mail per hour)"

@domi Wow bunch of different IPs even, subnet/ASN ban time I guess.

@domi @BluRaf could you send them all in one email as attachments?

@noisytoot @BluRaf we’re talking about several gigabytes of emails, and equally as much in logs. are you out of your mind?

@domi @noisytoot @BluRaf just zstd -19 it /s

abuse mail w/ logs and an example message drafted and sent to my ISP (xoxo bgp.wtf), which has agreed to forward it further on (tysm!). now i’m done with this shit for today

there are so many more different things i wish i was doing the past two hours

a funny perk of WHY2025 is that i can just walk to the next tent over and ask what do. good support flow

@domi you could try to get mailgun beaned (most likely only temporarily) via submitting it to mail blocklists like spamhaus (if the net upstream is not doing that already)

@pj E for Effort ,_,

@domi thank youuu :3 very much appreciated