D. Hugh Redelmeier via talk wrote on 2023-09-08 07:04:

I sent this yesterday.
To [email protected] and [email protected]
I got a bounce message from [email protected]
("Post by non-member to a members-only list")

How would this get to the ubuntu users list with my address on it?

| From: Jamon Camisso via talk <[email protected]>
| To: [email protected]
| Cc: Jamon Camisso <[email protected]>
| Date: Thu, 7 Sep 2023 14:54:30 -0400
| Subject: Re: [GTALUG] Debian Linux as-a-router Guide

There's something weird going on in the world of mailing lists.


First, it appears Jamon works/worked at Canonical, so there's a tangential relation to lists.ubuntu.com.


Two days ago, I got a weird message from someone I barely know via a LUG that was "Checking in" and "Is this email still valid for you? There is something important I'd like to discuss."

Checking list archives, the From: was valid, but the ReplyTo: had a couple extra numbers on the end, then a different domain.


Very odd. Maybe he was hacked? The mailing list itself?


Then, yesterday I awoke to a flood of incoming bounce messages from *MY* mail server.

Someone logged into my server as [email protected] (SASL plain auth), and started sending messages full of base64-encoded attachments (spam).


That scared me - how did this happen?!?


I shut down postfix, archived the queue then analyzed it, then deleted it. Changed my SASL password (a very lengthy one before & after), and it appears to be okay now?



Maybe there's some automated attack going on against small Linux email lists / servers?



Also, there was a back-scatter issue a few / several months ago targeting a user and/or mailing list in SF.



TL;DR:

I dunno why you got the bounce from Ubuntu lists.



---
Post to this mailing list [email protected]
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
