[Mailman-Users] investigating attack-like "mailfailures"
Nick Levine
ndl at ravenbrook.com
Sun Mar 13 18:17:57 CET 2005
Mark / Brad,
Many thanks for your mails.
I have tracked down (most of) what's going on.
vette:48:Mar 12 01:20:18 2005 (2549) alu-board-only post from
beverley at alu.org held,
message-id=<27673729.1097937559808.JavaMail.root at dezilu.com> : Post by
non-member to a members-only list
Because the sender was spoofed as coming from alu.org, the "you are on
hold" message went to bibop's mail server, which happens to return the
code 450 (= temporary failure?) for unknown users. It looks like
mailman keeps trying to resend a 450 bounce, every 15(?) minutes.
Bounces from other mail servers tend to carry the 550 code (=
permanent failure?) and mailman gives up.
Uhm, will it keep on doing this forever? It's tried sending to
beverley over 130 times since yesterday morning.
Regards,
- nick
More information about the Mailman-Users
mailing list