Page MenuHomePhabricator
Create Task
Maniphest T242049

Add security-team@wikimedia.org as recipient of any abuse@ emails
Closed, ResolvedPublic
Actions

Description

In T241078, the Security team was added as recipients for emails to abuse@wikimedia.org. Thanks for doing that!

We would now like to be notified when anything comes in to any abuse@ mailbox (e.g, abuse@wikimedia.org or anything someone might guess is our abuse@ address). So, to make sure that the Security team reacts (when appropriate) as quickly as possible to inbound abuse requests to ANY abuse mailbox, please add security-team@wikimedia.org as a recipient for all inbound abuse@* emails.

Thank you!

Event Timeline

Dsharpe created this task.Jan 6 2020, 11:04 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 6 2020, 11:04 PM
MarcoAurelio subscribed.Jan 6 2020, 11:05 PM
Dsharpe renamed this task from Add security-team@wikimedia.org as recipient any abuse@ emails to Add security-team@wikimedia.org as recipient of any abuse@ emails.Jan 6 2020, 11:11 PM
Dzahn subscribed.Jan 6 2020, 11:48 PM

The list of domains for which exim aliases files (like the i edited for wikimedia.org to add security@ previously) exist currently is:

benefactors.wikimedia.org
pr.wikimedia.org
wikimediafoundation.org
wikimedia.org
wikipedia.org
wikivoyage.org
wmflabs.org

all others should fall back to defaults configured in exim.

Looking at the "abuse" lines of the existing templates i see they all just go to "postmaster" (and wikimedia.org goes now to postmaster, security).

The main project domains exist as symlinks to the wikimediafoundation.org, so the following are identical to the former:

mediawiki.org
wikiquote.org
wikinews.org
wikibooks.org
wikidata.org
wikisource.org
wikiversity.org
wiktionary.org
w.wiki

finally, wikivoyage.de is linked to wikivoyage.org.

Others that exist in DNS and may or may not have https redirects do not have abuse@ email addresses. ex.

abuse@wikimedia.com is undeliverable: Address abuse@wikimedia.com does not exist

Krenair subscribed.Jan 7 2020, 12:00 AM
Dzahn added a comment.Jan 7 2020, 12:01 AM

I added security-team@wikimedia.org to abuse@ for all of the above.

Dzahn closed this task as Resolved.Jan 7 2020, 12:11 AM
Dzahn claimed this task.

This should be it.. unless you are asking to add it even for things that never had working abuse@ in the past and are at best https redirects (like .com version of project names).

Dsharpe added a comment.Jan 7 2020, 2:16 AM

@Dzahn - Perfect! Thank you!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL