Hi,
--On 9. Mai 2017 um 14:01:56 +0200 Julian Kippels <[email protected]> wrote:
there seems to be a targeted attack against public mailman lists at
german universities at the moment. I have heared from 3 seperate unis
having this problem, Regensburg, Münster and us in Düsseldorf.
As far as I can see this attack works like this:
A mail with envelop-from [email protected] and From:-Header
"Jennifer Lankford" <[email protected]> is
delivered to our list [email protected]
This list is configured only to accept mails from members and to hold
all other mails for the moderators to inspect.
The mail is correctly held to be moderated BUT it is also forwarded to
all members with From:-Header "Jennifer Lankford"
<[email protected]>
I can't see why or how this could work. What am I missing?
We are using Mailman 2.1.15
we (Cologne University) were also affected. I think you might see two
different messages. As far as I can tell the only messages that got through
to moderated lists were those where the From:-header has an unmoderated
address for the list.
The bigger issue is that clearly the admin addresses of all lists were
scraped from the public listinfo pages. This means that the same thing
could happen again anytime. :-(
I have set out most critical lists to emergency moderation, but that's not
really practical in the long run.
Sebastian
--
.:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
------------------------------------------------------
Mailman-Users mailing list [email protected]
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
