[Mailman-Users] Spam through my mailman?
Michael Shulman
viritrilbia at gmail.com
Fri Mar 25 12:17:25 EDT 2016
Hi,
I am receiving spam to my list-owner address that appears to be sent
from the same list-owner address. Here are some of the headers,
anonymized a bit (google is there because my email is forwarded to my
gmail address).
Received-SPF: pass (google.com: domain of
mailman-bounces at my.server.com designates MY.IP.ADDR.ESS as permitted
sender) client-ip=MY.IP.ADDR.ESS;
Authentication-Results: mx.google.com;
dkim=pass header.i=@my.server.com;
spf=pass (google.com: domain of mailman-bounces at my.server.com
designates MY.IP.ADDR.ESS as permitted sender)
smtp.mailfrom=mailman-bounces at my.server.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=my.server.com; s=mcmaildk;
h=Sender:Content-Type:Date:Message-Id:MIME-Version:Subject:To:From;
bh=(STUFF)
Received: from localhost ([127.0.0.1] helo=www.my.server.com)
by my.server.com with esmtp (Exim 4.84)
(envelope-from <mailman-bounces at my.server.com>)
id 1ajRhe-0006bB-4A
for listmaster at my.server.com; Fri, 25 Mar 2016 08:23:06 -0500
Received: from [SPAM.IP.ADDR.ESS] (helo=spammer.domain.com)
by my.server.com with esmtp (Exim 4.84)
(envelope-from <mylist-owner at my.server.com>) id 1ajRhW-0006b2-Jk
for mylist-owner at my.server.com; Fri, 25 Mar 2016 08:23:00 -0500
From: A. Spammer <mylist-owner at my.server.com>
To: mylist-owner <mylist-owner at my.server.com>
Errors-To: mailman-bounces at my.server.com
Sender: "Mylist" <mailman-bounces at my.server.com>
The SPF and DKIM passes make it seem like this spam is actually being
sent from my server, not just from somewhere else with a spoofed
sender. Is there some way that my mailman may be misconfigured that
could be allowing the spammer to spam through it in this way? Or has
my server been hacked?
Thanks!!
Mike
More information about the Mailman-Users
mailing list