[Mailman-Users] Security Breach by spammer on one of my lists?

Brendan Chard chardlist at chard.net
Wed Jun 16 15:09:53 CEST 2004


A message went to one of my lists last night that looked very peculiar, like
a spammer.  I'm hoping to get some input to see if it's something I should
be worried about or just a fluke.

I'm running Mailman 2.1.4 on FreeBSD with MailScanner and ClamAV.

I have an unmoderated closed list with the membership list viewable by admin
only that is called "probate".

The possible offending message was from a Hotmail account that is
legitimately subscribed to the list and all server logs regarding that
message appear to be legit:

The Mailman post log says: (I have replaced the user with "USERNAME")

Jun 15 22:13:03 2004 (70197) post to probate from USERNAME at hotmail.com,
size=1846, message-id=<BAY22-F37cf3ednHM3S000529a4 at hotmail.com>, success

The sendmail (maillog) file says: (I have replaced the user with "USERNAME")

Jun 15 22:10:11 server2 sm-mta-in[5288]: i5G2AAhS005288:
from=<USERNAME at hotmail.com>, size=842, class=0, nrcpts=1,
msgid=<BAY22-F37cf3ednHM3S000529a4 at hotmail.com>, proto=ESMTP, daemon=MTA,
relay=bay22-f37.bay22.hotmail.com [64.4.16.87]
Jun 15 22:10:11 server2 MailScanner[72190]: New Batch: Scanning 1 messages,
1390 bytes
Jun 15 22:10:11 server2 MailScanner[72190]: Spam Checks: Starting
Jun 15 22:10:11 server2 MailScanner[72190]: Virus and Content Scanning:
Starting
Jun 15 22:10:12 server2 MailScanner[72190]: Uninfected: Delivered 1 messages
Jun 15 22:10:12 server2 MailScanner[72190]: MailScanner child dying of old
age
Jun 15 22:10:13 server2 MailScanner[5459]: MailScanner E-Mail Virus Scanner
version 4.30.3 starting...
Jun 15 22:10:13 server2 sendmail[5460]: i5G2AAhS005288:
to="|/usr/local/mailman/mail/mailman post probate"..........

The message body itself was empty, but because Hotmail advertises on their
outbound messages, it looks like an advertisement.

The subject line, however, is what concerns me... it says:

"get probate 123423 123355 123372 123389 123405"

I don't think it's from an actual human since it seems like a ridiculous
subject line.

I've moderated the user's account until I get it figured out, but any input
as to what this actually is would be appreciated.


Thanks
-Brendan




