[Mailman-Developers] Google Summer of Code - Spam Defense

Mark Sapiro mark at msapiro.net
Sat Mar 29 19:53:22 CET 2008


Cristóbal Palmer wrote:
>
>I'm still scratching my head on how this bounced its way into my
>inbox, for example:
>
>  http://garp.metalab.unc.edu/backscatter-example.txt
>
>How/where do I stop that?


It doesn't look to me like backscatter at all. It looks like spam sent
to cc-co-owner at lists.ibiblio.org which went to MailScanner on
"malecky" which replaced the original message with a message
consisting of the "notice" with the original attached. That message
then continued through the delivery chain to cc-co-owner at lists.ibiblio.org
which was redirected to postmaster at lists.ibiblio.org and then to
admin at ibiblio.org by lists.ibiblio.org. It was then relayed to
metalab.unc.edu (a bit of a puzzle as the MX for ibiblio.org is
mail.metalab.unc.edu, but perhaps these are really the same machine)
which redirected admin at ibiblio.org to cmpalmer at ibiblio.org which
ultimately got delivered to cmpalmer at garp.metalab.unc.edu.

It also appears that the cmpalmer at ibiblio.org to
cmpalmer at garp.metalab.unc.edu step involved a resend which rewrote the
envelope sender to cmpalmer at metalab.unc.edu.

I don't know what there is to stop here. I may be completely wrong, but
it looks like this was just mail sent to cc-co-owner at lists.ibiblio.org
delivered through the chain that would apply to all such mail.


OK, I've just seen your reply to Robby Griffin's off-list message so
the question is "why did cc-co-owner at lists.ibiblio.org go to
postmaster at lists.ibiblio.org?"

You say "What I'm missing here is the step where the mail went
from going to one of the three list admins (again, all at gmail) to
going to me. Where was the forgery? How did mailman (or was it
postfix?) get duped?"

There is no evidence in the Received: chain that this copy was sent to
any of the three list admins. What does

  /usr/local/mailman/bin/list_owners -m cc-co

show you? Assuming that doesn't list postmaster, what is in the MTA
logs on lists.ibiblio.org regarding this message, and what's in
Mailman's smtp log regarding this message? There's actually no
indication that this ever went to Mailman. How is list mail delivered
to Mailman on this machine? Is it possible that
cc-co-owner at lists.ibiblio.org is mis-interpreted as trying to deliver
to the 'co-owner' address of the cc list and this mis-delivery goes to
postmaster?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
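The analysis above is done by reading the Received: headers from the bottom up and noting at which hop the "for" recipient changes and where the envelope sender is rewritten. The following script is an added example, not code from the thread or from Mailman, that automates that walk: it parses the Received: chain of a message, lists the hops in chronological order, reports every hop where the recipient address changed (a redirect or alias expansion), and picks up an envelope-from comment where a relay recorded one. The sample message is constructed with example.org/example.net hostnames; the hostnames, ids and addresses in it are assumptions, not data from the post.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (not from the mailing-list post). The three
# Received: headers mimic a chain in which the "for" address is rewritten
# at the list server and the final relay records a new envelope-from.
SAMPLE = """\
Received: from lists.example.org (lists.example.org [192.0.2.10])
\tby final.example.net with ESMTP id 3;
\tSat, 29 Mar 2008 10:03:00 -0700
\t(envelope-from user@final.example.net)
Received: from scanner.example.org (scanner.example.org [192.0.2.5])
\tby lists.example.org with ESMTP id 2
\tfor <postmaster@lists.example.org>; Sat, 29 Mar 2008 10:02:00 -0700
Received: from outside.example.com (unknown [203.0.113.7])
\tby scanner.example.org with SMTP id 1
\tfor <listname-owner@lists.example.org>; Sat, 29 Mar 2008 10:01:00 -0700
From: someone@outside.example.com
To: listname-owner@lists.example.org
Subject: test

body
"""


def _unfold(value):
    """Collapse header folding (CRLF + whitespace) into single spaces."""
    return re.sub(r"\s+", " ", value).strip()


def parse_received(raw_message):
    """Return the Received: hops of a message in chronological order.

    Each hop is a dict with keys from, by, for, envelope_from and when.
    Headers are stored newest-first, so the list is reversed."""
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        text = _unfold(value)
        clause, sep, date_part = text.rpartition(";")
        if not sep:  # no date separator at all; treat everything as the clause
            clause, date_part = text, ""
        # Negative lookbehind keeps "envelope-from" from matching as "from".
        m_from = re.search(r"(?<![\w-])from\s+(\S+)", clause)
        m_by = re.search(r"\bby\s+(\S+)", clause)
        m_for = re.search(r"\bfor\s+<?([^\s;>]+)>?", clause)
        m_env = re.search(r"envelope-from\s+<?([^\s)>]+)", text)
        # Strip parenthesised comments before parsing the timestamp.
        date_clean = re.sub(r"\([^)]*\)", "", date_part).strip()
        hops.append({
            "from": m_from.group(1) if m_from else None,
            "by": m_by.group(1) if m_by else None,
            "for": m_for.group(1) if m_for else None,
            "envelope_from": m_env.group(1) if m_env else None,
            "when": parsedate_to_datetime(date_clean) if date_clean else None,
        })
    return hops


def recipient_changes(hops):
    """List (hop_index, previous_for, new_for) wherever a relay recorded a
    different recipient than the hop before it. Hops without a "for"
    clause carry no information and are skipped."""
    changes = []
    previous = None
    for index, hop in enumerate(hops):
        current = hop["for"]
        if current is None:
            continue
        if previous is not None and current != previous:
            changes.append((index, previous, current))
        previous = current
    return changes


def in_order(hops):
    """True when every dated hop is no earlier than the one before it;
    a violation suggests a forged or mis-stamped Received: header."""
    dated = [h["when"] for h in hops if h["when"] is not None]
    return all(a <= b for a, b in zip(dated, dated[1:]))


if __name__ == "__main__":
    chain = parse_received(SAMPLE)
    for i, hop in enumerate(chain):
        print(i, hop["from"], "->", hop["by"], "for", hop["for"], hop["when"])
    print("recipient changes:", recipient_changes(chain))
    print("timestamps in order:", in_order(chain))
```

Run against a real message, the hop at which `recipient_changes` fires is where to look in that relay's MTA logs (aliases, virtual maps, or a Mailman owner address being expanded); a hop with an `envelope_from` comment marks a resend that rewrote the envelope sender, as described for the cmpalmer step above.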


