[Mailman-Users] investigating attack-like "mailfailures"

Nick Levine ndl at ravenbrook.com
Sun Mar 13 18:17:57 CET 2005

Mark / Brad,

Many thanks for your mails.

I have tracked down (most of) what's going on.

    vette:48:Mar 12 01:20:18 2005 (2549) alu-board-only post from
    beverley at alu.org held,
    message-id=<27673729.1097937559808.JavaMail.root at dezilu.com> : Post by
    non-member to a members-only list

Because the sender was spoofed as coming from alu.org, the "you are on
hold" message went to bibop's mail server, which happens to return the
code 450 (= temporary failure?) for unknown users. It looks like
mailman keeps trying to resend a 450 bounce, every 15(?) minutes.

Bounces from other mail servers tend to carry the 550 code (=
permanent failure?) and mailman gives up.

Uhm, will it keep on doing this forever? It's tried sending to
beverley over 130 times since yesterday morning. 


- nick

More information about the Mailman-Users mailing list