On 08/18/21 15:15, David Gibbs via Mailman-Users wrote:

> Is anyone else seeing requests to their mailman install that look
> something like this:
> 
> Aug 18 15:10:16 2021 (31166) Hostile listname: 
> listname=midrange-l__;!!NVq9dfhzMyHqTw!wLl-dt8zxsuQuoyojs-UYmT_d65WZroClHaYGfHduJ561eT0B7baTQV1ogZzQKRRsw$:
> remote=52.34.76.65

What log is that from?  I don't recognize the format.

Jon Baron writes:

 > I'm pretty sure that this comes from Proofpoint's "URL Defense"
 > system. (Google it.)

Argh.

 > But I don't understand what you mean by "hostile
 > listname" being "correct".

He means that "midrange-l" is the name of an active list at his site,
I'm pretty sure.

 > What comes before the __ is usually a URL, and there is also a __
 > BEFORE the url begins. If you use a graphical mail client (like
 > gmail), [and] click the url that you see, Proofpoint will check it
 > to see if it is on a list of nasty sites.

host(1) says the source of the request is AWS. :-/

None of this explains why the URL is targeting David's Mailman, unless
it's the Mailman host that is running the Proofpoint.  (It's not your
job ;-), but any further hints would be appreciated.

Steve
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
    https://mail.python.org/archives/list/mailman-users@python.org/
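
As an added example (not code from this thread or from the Mailman project), the sketch below triages "Hostile listname" entries of the shape quoted above, separating names that are a real list plus a URL Defense style trailer from other rejected names. The trailer pattern is inferred only from the quoted entry, and the list names, tokens and addresses in the sample are constructed.

```python
import re
from collections import Counter

# Shape of the entry quoted in the thread:
#   <timestamp> (<pid>) Hostile listname: listname=<name>: remote=<addr>
ENTRY = re.compile(
    r"Hostile listname: listname=(?P<name>.*): remote=(?P<remote>\S+)\s*$"
)
# Trailer as seen in the quoted entry: "__;" then "!!", a token, and "$".
# Assumption: the token uses only letters, digits, "_", "-" and "!".
TRAILER = re.compile(
    r"^(?P<list>.*?)__;(?P<enc>[^!]*)!!(?P<token>[A-Za-z0-9_!-]+)\$$"
)

def classify(line, known_lists):
    """Return a dict describing one log line, or None if it is not such an entry."""
    m = ENTRY.search(line)
    if m is None:
        return None
    name, remote = m.group("name"), m.group("remote")
    t = TRAILER.match(name)
    if t is None:
        return {"kind": "other", "listname": name, "remote": remote}
    base = t.group("list")
    # A real list name followed by the trailer points at a rewritten link
    # being fetched, not at someone guessing list names.
    kind = "rewritten-url" if base.lower() in known_lists else "rewritten-url-unknown-list"
    return {"kind": kind, "listname": base, "remote": remote}

def summarize(lines, known_lists):
    """Count entries per (kind, listname) so noisy sources stand out."""
    counts = Counter()
    for line in lines:
        result = classify(line, known_lists)
        if result is not None:
            counts[(result["kind"], result["listname"])] += 1
    return counts

# Constructed sample lines (documentation addresses, made-up tokens).
SAMPLE = [
    "Aug 18 15:10:16 2021 (31166) Hostile listname: "
    "listname=example-l__;!!AbCdEf123!QrS-tUv_456$: remote=192.0.2.10",
    "Aug 18 15:11:02 2021 (31170) Hostile listname: "
    "listname=no such list: remote=198.51.100.7",
    "Aug 18 15:12:40 2021 (31171) Some unrelated message",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE, {"example-l"}).items():
        print(n, key)
```
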
