[Mailman-Users] Targeted attack against german universities using mailman
Stephen J. Turnbull
turnbull.stephen.fw at u.tsukuba.ac.jp
Wed May 10 03:36:54 EDT 2017
Mark Sapiro writes:
> Unless there is some serious bug that I've never seen before, Mailman
> will not hold a post and also deliver it to the list members without
> moderator approval.
I guess it's possible that there's some kind of backdoor in the
configuration, such that the post goes to the list, is held from
distribution but somehow the owner is configured to reflect back to
the list. We'd need to see the full header of the post with all trace
fields to be able to even try to confirm this guess.
BTW, the practice of sending spam to -owner addresses has a long
history. I suspect this is not a matter of exploiting a Mailman bug
unknown to us, but just luck on the part of the spammers.
Steve
More information about the Mailman-Users
mailing list