element-hq / synapse

Synapse: Matrix homeserver written in Python/Twisted.
https://element-hq.github.io/synapse
GNU Affero General Public License v3.0
1.48k stars 182 forks source link

Soft-failures make federated bans racy and frustrate redaction #9329

Open matrixbot opened 10 months ago

matrixbot commented 10 months ago

This issue has been migrated from #9329.


I've come across this issue twice in two days:

I think the issue is:

A sample is below. Mjolnir's FirstMessageIsImageProtection banned and redacted the user after they sent three images, but their fourth image is soft-failed, making redaction impossible.

archlinux.org rejected the message:

[root@matrix ~]# journalctl --since='3 hours ago' | grep "\$WM5mW7VqMvW19ceHPt1r-jrLCPJE8pGCVXfVZKQ47io"
Feb 04 14:04:17 matrix.archlinux.org synapse[56716]: synapse.handlers.federation: [PUT-159337-$WM5mW7VqMvW19ceHPt1r-jrLCPJE8pGCVXfVZKQ47io] handling received PDU: <FrozenEventV3 event_id='$WM5mW7VqMvW19ceHPt1r-jrLCPJE8pGCVXfVZKQ47io', type='m.room.message', state_key=None>
Feb 04 14:04:17 matrix.archlinux.org synapse[56716]: synapse.state: [PUT-159337-$WM5mW7VqMvW19ceHPt1r-jrLCPJE8pGCVXfVZKQ47io] Resolving state for !SEgsRQLScqPxYtucHl:archlinux.org with groups [2601779, 2601782]
Feb 04 14:04:18 matrix.archlinux.org synapse[56716]: synapse.handlers.federation: [PUT-159337-$WM5mW7VqMvW19ceHPt1r-jrLCPJE8pGCVXfVZKQ47io] Soft-failing <FrozenEventV3 event_id='$WM5mW7VqMvW19ceHPt1r-jrLCPJE8pGCVXfVZKQ47io', type='m.room.message', state_key=None> because 403: User [bad-user] not in room !SEgsRQLScqPxYtucHl:archlinux.org (<FrozenEventV3 event_id='$SdIQbg5dST1Yly1f-_G8qERVvbOUPeO5P2lHt3Fe3vI', type='m.room.member', state_key='[bad-user]'>)
Feb 04 14:04:18 matrix.archlinux.org synapse[56716]: synapse.http.client: [PUT-159337-$WM5mW7VqMvW19ceHPt1r-jrLCPJE8pGCVXfVZKQ47io] Received response to POST http://127.0.0.1:9093/_synapse/replication/fed_send_events/cxkgfQOzda: 200

aria-net.org accepted the message:

:~$ grep "\$WM5mW7VqMvW19ceHPt1r-jrLCPJE8pGCVXfVZKQ47io" /var/log/syslog
Feb  4 14:04:17 akademeia matrix-synapse-worker_federation_reader_1[189517]: 2021-02-04 14:04:17,116 - synapse.handlers.federation - 189 - INFO - PUT-19046-$WM5mW7VqMvW19ceHPt1r-jrLCPJE8pGCVXfVZKQ47io - handling received PDU: <FrozenEventV3 event_id='$WM5mW7VqMvW19ceHPt1r-jrLCPJE8pGCVXfVZKQ47io', type='m.room.message', state_key=None>
Feb  4 14:04:17 akademeia matrix-synapse-worker_federation_reader_1[189517]: 2021-02-04 14:04:17,822 - synapse.http.client - 425 - INFO - PUT-19046-$WM5mW7VqMvW19ceHPt1r-jrLCPJE8pGCVXfVZKQ47io - Received response to POST http://127.0.0.1:8101/_synapse/replication/fed_send_events/cItXxahwLx: 200

Version information

Gnuxie commented 9 months ago

For some additional context, the reason why this is a problem for Mjolnir is because as a room administrator, NOT necessarily a homeserver administrator (but it is also a problem for server admins), mjolnir can't see the soft failed events. A solution that would work would be allowing a client to access soft failed events from both/sync and /messages. It will be ok for these events to be given in a redacted form, provided it is very & immediately obvious to a client whether these events have an associated m.redaction event or not. So that Mjolnir can then see and issue redactions that will be seen by other servers. This should ideally not be a Synapse administrator API, since public Matrix homeservers will have room admins who are not admins of the homeserver.

Gnuxie commented 9 months ago

A very unideal work around for those following along is to have a room admin on the same homeserver as the spammer, who will be able to see all of the spammer's events normally and then be able to issue redactions for them. This only really works because the majority of spam comes from accounts registered with matrix.org, so they don't usually need an admin account with every participating server in the room.