Hi, I am receiving spam to my list-owner address that appears to be sent from the same list-owner address. Here are some of the headers, anonymized a bit (google is there because my email is forwarded to my gmail address).
Received-SPF: pass (google.com: domain of [email protected] designates MY.IP.ADDR.ESS as permitted sender) client-ip=MY.IP.ADDR.ESS; Authentication-Results: mx.google.com; dkim=pass [email protected]; spf=pass (google.com: domain of [email protected] designates MY.IP.ADDR.ESS as permitted sender) [email protected] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=my.server.com; s=mcmaildk; h=Sender:Content-Type:Date:Message-Id:MIME-Version:Subject:To:From; bh=(STUFF) Received: from localhost ([127.0.0.1] helo=www.my.server.com) by my.server.com with esmtp (Exim 4.84) (envelope-from <[email protected]>) id 1ajRhe-0006bB-4A for [email protected]; Fri, 25 Mar 2016 08:23:06 -0500 Received: from [SPAM.IP.ADDR.ESS] (helo=spammer.domain.com) by my.server.com with esmtp (Exim 4.84) (envelope-from <[email protected]>) id 1ajRhW-0006b2-Jk for [email protected]; Fri, 25 Mar 2016 08:23:00 -0500 From: A. Spammer <[email protected]> To: mylist-owner <[email protected]> Errors-To: [email protected] Sender: "Mylist" <[email protected]> The SPF and DKIM passes make it seem like this spam is actually being sent from my server, not just from somewhere else with a spoofed sender. Is there some way that my mailman may be misconfigured that could be allowing the spammer to spam through it in this way? Or has my server been hacked? Thanks!! Mike ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
