On Tue, 9 May 2017 16:39:41 +0200, Julian Kippels <[email protected]> wrote:
> On Tue, 09 May 2017 14:17:01 +0200,
> Sebastian Hagedorn <[email protected]> wrote:
>
> > Hi,
> >
> > --On 9 May 2017 at 14:01:56 +0200 Julian Kippels <[email protected]>
> > wrote:
> >
> > > there seems to be a targeted attack against public mailman lists
> > > at German universities at the moment. I have heard from 3
> > > separate unis having this problem, Regensburg, Münster and us in
> > > Düsseldorf.
> > >
> > > As far as I can see this attack works like this:
> > > A mail with envelope-from [email protected] and
> > > From:-Header "Jennifer Lankford"
> > > <[email protected]> is delivered to our list
> > > [email protected]. This list is configured only to
> > > accept mails from members and to hold all other mails for the
> > > moderators to inspect. The mail is correctly held to be moderated
> > > BUT it is also forwarded to all members with From:-Header
> > > "Jennifer Lankford" <[email protected]>
> > >
> > > I can't see why or how this could work. What am I missing?
> > > We are using Mailman 2.1.15
> >
> > we (Cologne University) were also affected. I think you might see
> > two different messages. As far as I can tell the only messages that
> > got through to moderated lists were those where the From:-header
> > has an unmoderated address for the list.
> >
> > The bigger issue is that clearly the admin addresses of all lists
> > were scraped from the public listinfo pages. This means that the
> > same thing could happen again anytime. :-(
> >
> > I have set our most critical lists to emergency moderation, but
> > that's not really practical in the long run.
> >
> > Sebastian
>
> Hi,
>
> I am pretty confident that these were not two different messages. I
> have compared the mail headers of both the mail that was held and the
> one that was delivered. Everything apart from the headers mailman adds
> is exactly the same. Same timestamps, same message-ids, and so on...
>
> Julian
>

I am sorry, I have rechecked my findings… yes, those were 2 different mails with different headers. Sorry for the confusion.

Julian
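The pattern discussed in this thread (a From: header carrying an address that is unmoderated for the list, while the envelope sender is someone else) can be triaged with a small header check. This is an added example, not part of the original thread and not Mailman code; the addresses, the `UNMODERATED` set and the assumption that the MTA records the envelope sender in `Return-Path` are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed placeholder: addresses that may post to the list unmoderated.
UNMODERATED = {"owner@lists.example.edu"}

def spoof_suspect(raw, unmoderated=UNMODERATED):
    """Return a reason string when From: claims an unmoderated poster but the
    envelope sender (assumed to be in Return-Path) is a different address."""
    msg = message_from_string(raw)
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if header_from not in unmoderated:
        return None  # ordinary member/non-member moderation rules apply
    if envelope == header_from:
        return None  # header and envelope agree
    return f"From: {header_from} is unmoderated, envelope is {envelope or '<empty>'}"

def scan(raw_messages):
    """Return the Message-IDs of all messages that spoof_suspect() flags."""
    flagged = []
    for raw in raw_messages:
        if spoof_suspect(raw):
            flagged.append(message_from_string(raw).get("Message-ID", "<none>"))
    return flagged

# Constructed sample messages (not taken from the incident).
LEGIT = """Return-Path: <owner@lists.example.edu>
From: List Owner <owner@lists.example.edu>
Message-ID: <1@lists.example.edu>
Subject: Maintenance window

hello
"""
SPOOFED = """Return-Path: <sender@mailer.example.net>
From: "List Owner" <owner@lists.example.edu>
Message-ID: <2@mailer.example.net>
Subject: Please read

hello
"""
NONMEMBER = """Return-Path: <sender@mailer.example.net>
From: Someone <someone@mailer.example.net>
Message-ID: <3@mailer.example.net>
Subject: Offer

hello
"""

if __name__ == "__main__":
    print(scan([LEGIT, SPOOFED, NONMEMBER]))
```

A mismatch is a triage signal rather than proof of spoofing, since forwarders and bounce-handling setups also produce differing envelope and header addresses.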
