Mailing lists exploited
Hi
Our mailman lists were attacked this morning successfully sending spam to a large number of our users.
The method was to use the list administrator address found on the public facing web interface (see here https://mail.python.org/mailman/listinfo/mailman-developers for an example). The X at Y form doesn't pose much of a challenge.
They then crafted email addresses in the envelope sender which matched the sending IP numbers so our SPF checks passed, but used the list administrator address in the From: field which avoided moderation in a number of our lists. Many of our list administrators either didn't use moderation, or explicitly allowed their own address to post without moderation.
I've removed the administrator address display on our lists (thus cleverly bolting the stable door) and I'm turning on moderation for all administrator addresses and also checking the sender filters for addresses that bypass moderation.
So far it's just caused a bit of a flap and made list administrators wonder if their email account was hacked.
Maybe listing administrator email addresses needs to be a thing of the past.
--
Jonathan Knight
IT Services
Keele University
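The gap described in the post is that SPF validates the envelope sender while Mailman's moderation exemption looks at the From: header. The following check, added here as an illustration and not code from the original post or from Mailman, holds any message whose From: is a moderation-exempt address but whose envelope sender (assumed to be recorded by the MTA in a Return-Path: header) is in a different domain; the addresses and domains are constructed placeholders.

```python
# Flag posts where From: claims a moderation-exempt address (e.g. the list
# admin) but the envelope sender, which is what SPF actually checked, comes
# from another domain. Assumes the MTA adds Return-Path: before Mailman runs.
from email import message_from_string
from email.utils import parseaddr


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address; '' if absent or malformed."""
    _, spec = parseaddr(addr)
    return spec.rpartition("@")[2].lower()


def spoofed_exempt_sender(raw_message: str, exempt: set[str]) -> bool:
    """True if From: is moderation-exempt but Return-Path does not share
    its domain. A missing Return-Path also counts as a mismatch."""
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    if from_addr.lower() not in {a.lower() for a in exempt}:
        return False  # not exempt, so normal moderation applies anyway
    return _domain(msg.get("Return-Path", "")) != _domain(from_addr)


# Constructed sample messages with placeholder domains.
EXEMPT = {"list-owner@lists.example.edu"}

LEGIT = """\
Return-Path: <list-owner@lists.example.edu>
From: List Owner <list-owner@lists.example.edu>
Subject: Maintenance window

Routine notice.
"""

# Envelope sender is in a domain whose SPF record covers the sending host,
# so SPF passes, but From: is the exempt list-owner address.
SPOOFED = """\
Return-Path: <bounce-42@spf-passes.example.net>
From: List Owner <list-owner@lists.example.edu>
Subject: Important

Not from the list owner.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, "HOLD" if spoofed_exempt_sender(raw, EXEMPT) else "ok")
```

This is the same alignment idea DMARC applies between the envelope sender and the From: domain; turning moderation back on for admin addresses, as the post does, closes the gap without any extra code.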