On 8/18/21 11:34 PM, Stephen J. Turnbull wrote:
Is anyone else seeing requests to their mailman install that look something like this:
Aug 18 15:10:16 2021 (31166) Hostile listname: listname=midrange-l__;!!NVq9dfhzMyHqTw!wLl-dt8zxsuQuoyojs-UYmT_d65WZroClHaYGfHduJ561eT0B7baTQV1ogZzQKRRsw$: remote=52.34.76.65
What log is that from? I don't recognize the format.
mischief
But I don't understand what you mean by "hostile listname" being "correct".
He means that "midrange-l" is the name of an active list at his site, I'm pretty sure.
Exactly correct.
host(1) says the source or the request is AWS. :-/
None of this explains why the URL is targeting David's Mailman, unless it's the Mailman host that is running the Proofpoint. (It's not your job ;-), but any further hints would be appreciates.
These requests are coming from an external source. I'm not running proofpoint.
Not much I can do about it, I guess. Good to know the source of the requests though.
Not sure what proofpoint is trying to do. They are just getting errors.
Oh well.
Thanks for the info guys.
david
-- I'm riding in the American Diabetes Association's Tour de Cure to raise money for diabetes research, education, advocacy, and awareness. You can make a tax-deductible donation to my ride by visiting https://mideml.diabetessucks.net.
You can see where my donations come from by visiting my interactive donation map ... https://mideml.diabetessucks.net/map (it's a geeky thing).