On 03/25/2016 09:17 AM, Michael Shulman wrote: > > The SPF and DKIM passes make it seem like this spam is actually being > sent from my server, not just from somewhere else with a spoofed > sender. Is there some way that my mailman may be misconfigured that > could be allowing the spammer to spam through it in this way? Or has > my server been hacked?
Neither. The mail was sent to "mylist-owner <[email protected]>". It was delivered to Mailman for mylist-owner. Mailman then resent it to the owner address <[email protected]> and the outgoing MTA DKIM signed it. This has nothing to do with the fact that the original mail spoofed <[email protected]> as the From: or the envelope sender of the original, except that depending on your DKIM signing rules you may have not DKIM signed it if it was From: a different domain. It passes SPF because it came to google from your server and it passes DKIM because you signed it on the way out. It would have been exactly the same if it had been sent to an alias that forwards directly to your google address. I.e. had it been sent to <[email protected]> instead of <[email protected]>, it would have been forwarded and signed in exactly the same way without having gone through Mailman at all. -- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
