[Mailman-Users] Are there any known exploits in 2.1.5 re request email address and spamming?
Martin Evans
martin.evans at easysoft.com
Tue Sep 23 11:15:31 CEST 2008
Mark Sapiro wrote:
> Martin Evans wrote:
>
>> Mark Sapiro wrote:
>>> If I understand correctly what you are saying, spam is being sent to
>>> the list-request address with a From: header containing an innocent
>>> 3rd party address. The response from Mailman, which contains the
>>> original message, is sent to the innocent 3rd party.
>> Actually that is not the case. It appears spam is sent to the request
>> address and it ends up being sent to an innocent 3rd party without any
>> mailman text at all. It is difficult for me to diagnose this as my mail
>> server has been blacklisted by so many places I've had to disable
>> mailman completely. I saw lots of emails coming in to the request
>> address and caught some of the identical emails stuck on my outgoing
>> mail queue due to failure to send. What happened in between I cannot say
>> right now.
>
>
> Do your MTA logs or the outgoing queue entries give any clues? I'd be
> interested in the timing of the messages to the -request address
> relative to the outgoing messages, and the envelope sender of the
> outgoing messages.
>
> I don't know of any way that Mailman would resend a message from the
> -request address without Mailman added text.
Sorry, I was mistaken, there is a little mailman text in the message -
we were spamming so much I got lost in all the messages. What follows is
what I copied off the mail queue at the time:
--===============1172181569==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
The results of your email command are provided below. Attached is your
original message.
- Unprocessed:
Viagrapills Cialix Pills FemaleViagra Phentrimine
PenisGrowth Pack SQMA Tramadol Levitr & 410
more meds to choose From Please get your Free 4 - 12 ViagraPills from
us http://kciu.pclinx.cn
- Done.
--===============1172181569==
Content-Type: message/rfc822
MIME-Version: 1.0
Received: from vlxqyggr (bd223d4f.virtua.com.br [189.34.61.79] (may be
forged))
by xxxx.xxxxxxxx.com (8.14.0/8.14.0) with SMTP id m8EEbNYe015008;
Sun, 14 Sep 2008 15:37:32 +0100
To: <xxxxx.xxxx at xxxxxxxx.com>
Subject: 82%-92% Off Price!! ViagraPills $1.40/pill, Cialix
Pills$2.21/pill,
super LowPrice just for You tyjlt 2v4
X-Sender: <xxxx at xxxx.com>
Sender: <xxxx at xxxx.com>
From: "xxxxx xxxxx" <xxxxx at xxxx.com>
Reply-To: "xxxxx xxxxx" <xxxx at xxxx.com>
Message-ID: <1221401919.2724 at xxxx.com>
Date: Sun, 14 Sep 2008 07:18:39 -0700
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: 8bit
We Give You FreeViagraPills (Free 4 - 12 pills With any Order)
Viagrapills Cialix Pills FemaleViagra Phentrimine
PenisGrowth Pack SQMA Tramadol Levitr & 410 more meds to
choose From
Please get your Free 4 - 12 ViagraPills from us
http://kciu.pclinx.cn
--===============1172181569==--
So it appears it was handled as an unprocessed command.
>
>> I don't really want to start mailman up again as we cannot
>> afford to be black listed since we do most of our business online and
>> after a weekend of not spamming people we may get off some of the black
>> lists.
>>
>>> Current Mailman through 2.1.11 will behave the same. These issues will
>>> be addressed in 2.2.
>>>
>>> In the meantime, the best solution is effective spam filtering ahead
>>> of Mailman. Barring that, you can disable the -request and perhaps
>>> other support addresses and force everyone to use the web for
>>> subscribing, confirming, etc.
>>>
>> That is a reasonable alternative I'll look into.
>
>
> Also, see the FAQ at <http://wiki.list.org/x/NQAy>.
>
Thank you and sorry for the mistake suggesting there was no mailman text
in the replies.
Martin
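Added example, not part of the original thread and not Mailman's own code: a Python check for a queue entry of the shape quoted above, that is, a command reply whose report lists lines under "- Unprocessed:" and which carries the original as a message/rfc822 attachment. It returns who the reply is addressed to and the Received line of the wrapped original; the sample message, its addresses and the function name classify are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

MARKER = "The results of your email command are provided below"
# Constructed sample shaped like the quoted queue entry; hosts, addresses and
# the outer headers are placeholders, not values from the thread.
SAMPLE = """\
From: list-request@lists.example.org
To: victim@example.net
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

The results of your email command are provided below. Attached is your
original message.
- Unprocessed:
Cheap pills http://spam.example/
- Done.
--B
Content-Type: message/rfc822

Received: from forged (host.example [192.0.2.10])
From: "Someone" <victim@example.net>

Cheap pills http://spam.example/
--B--
"""

def classify(raw):
    # Returns details for a command reply that wraps unprocessed text, else None.
    msg = email.message_from_string(raw, policy=policy.default)
    parts = list(msg.iter_parts()) if msg.is_multipart() else []
    report = next((p.get_content() for p in parts if p.get_content_type() == "text/plain"), None)
    inner = next((p.get_content() for p in parts if p.get_content_type() == "message/rfc822"), None)
    if report is None or inner is None or MARKER not in " ".join(report.split()):
        return None
    unprocessed, collecting = [], False
    for line in (l.strip() for l in report.splitlines()):
        if line.startswith("- "):  # section markers: "- Unprocessed:", "- Done."
            collecting = line == "- Unprocessed:"
        elif collecting and line:
            unprocessed.append(line)
    if not unprocessed:
        return None
    return {"sent_to": parseaddr(str(msg["To"]))[1],  # who receives the reply
            "claimed_sender": parseaddr(str(inner["From"]))[1],  # From: of the original
            "origin": str(inner.get("Received", "")),  # host that handed in the original
            "unprocessed": unprocessed}
```

Run over the outgoing queue, the origin and sent_to fields give the timing and addressing details asked about earlier in the thread.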