Hi Marcin, yes, in deed this mail was sent using the mailing list infrastructure.
I do not yet completely understand how this worked as posting is restricted to list members. It seems the sender was "[email protected]" - it may be, that some "bounced mail" technique has been used to come around the posting limitation. We will need to investigate and see how we can disable such postings in the future. On the other side - I didn't receive that mail at all, because my spam filter / antivirus protection filtered it out. Thanks for reporting! Cheers, Martin -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Marcin Zajaczkowski Sent: Donnerstag, 22. Mai 2014 03:29 To: [email protected] Subject: [Webtest] Malicious email from the list? Hello I've got following email with malicious attachment ([email protected] with "[email protected]<many-spaces>.scr" which looks like something sent using the mailing list. I wonder if this message was sent using the mailing list infrastructure (e.g. some mailing list spam bot subscribed to the list) or it just has spoofed headers? Marcin <ORIGINAL_MESSAGE> >From - Thu May 22 03:00:31 2014 X-Account-Key: account2 X-UIDL: 1400720117.KqE2tu.11,S=42794 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Mozilla-Keys: Return-Path: <[email protected]> Delivered-To: [email protected] (xxx) Received: (wp-smtpd mx.wp.pl 4523 invoked from network); 22 May 2014 02:55:14 +0200 Received: from gate0.canoo.com ([195.141.68.118]) (envelope-sender <[email protected]>) by mx.wp.pl (WP-SMTPD) with SMTP for <[email protected]>; 22 May 2014 02:55:14 +0200 Received: from dell1.canoo.com (dell1.canoo.com [192.168.0.13]) by canoo.com (Postfix) with ESMTP id 54EFB8858132; Thu, 22 May 2014 02:55:10 +0200 (CEST) X-Original-To: [email protected] Delivered-To: [email protected] Received: from lists.canoo.com (unknown [113.160.113.45]) by canoo.com (Postfix) with ESMTP id C22A88858132 for <[email protected]>; Thu, 22 May 2014 02:54:45 +0200 (CEST) From: "Returned mail" <[email protected]> To: [email protected] MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0008_5643A2AC.7C01D928" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <[email protected]> Subject: [Webtest] Message could not be delivered Sender: [email protected] Errors-To: [email protected] X-BeenThere: [email protected] X-Mailman-Version: 2.0.6 Precedence: bulk Reply-To: [email protected] Reply-To: "Returned mail" <[email protected]> List-Unsubscribe: <http://lists.canoo.com/mailman/listinfo/webtest>, <mailto:[email protected]?subject=unsubscribe> List-Id: Canoo WebTest Interest List <webtest.lists.canoo.com> List-Post: <mailto:[email protected]> List-Help: <mailto:[email protected]?subject=help> List-Subscribe: <http://lists.canoo.com/mailman/listinfo/webtest>, <mailto:[email protected]?subject=subscribe> List-Archive: <http://lists.canoo.com/pipermail/webtest/> Date: Thu, 22 May 2014 07:54:39 +0700 X-WP-DKIM-Status: no signature (id: n/a) X-WP-AV: skaner antywirusowy poczty Wirtualnej Polski S. A. X-WP-SPAM: YES (U9) 0000019 [oQrd] This is a multi-part message in MIME format. ------=_NextPart_000_0008_5643A2AC.7C01D928 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Dear user of lists.canoo.com, Your account has been used to send a large amount of unsolicited e-mail during the last week. Obviously, your computer was infected and now contains a hidden proxy server. Please follow our instructions in order to keep your computer safe. Have a nice day, The lists.canoo.com team. (... - attachments) </ORIGINAL_MESSAGE> _______________________________________________ WebTest mailing list [email protected] http://lists.canoo.com/mailman/listinfo/webtest _______________________________________________ WebTest mailing list [email protected] http://lists.canoo.com/mailman/listinfo/webtest
