[Mailman-Users] Targeted attack against German universities using Mailman

Julian Kippels kippels at hhu.de
Tue May 9 08:01:56 EDT 2017

Hi all,

There seems to be a targeted attack against public Mailman lists at
German universities at the moment. I have heard from 3 separate unis
having this problem, Regensburg, Münster and us in Düsseldorf.

As far as I can see this attack works like this:
A mail with envelope-from www-data at dreadnoughtpc.com and From:-Header
"Jennifer Lankford" <esag-theater-owner at uni-duesseldorf.de> is
delivered to our list esag-theater at uni-duesseldorf.de.
This list is configured only to accept mails from members and to hold
all other mails for the moderators to inspect.
The mail is correctly held to be moderated BUT it is also forwarded to
all members with From:-Header "Jennifer Lankford"
<real.address.of.owner at uni-duesseldorf.de>

I can't see why or how this could work. What am I missing?
We are using Mailman 2.1.15

Thanks in advance
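
An added example, not part of the original post and not Mailman code: a check for the header pattern described above, where the From: header claims one of a list's administrative addresses on the local domain while the envelope sender belongs to an outside domain. The function names, the `lists.example` and `sender.example` domains and the sample messages are constructed for illustration; the suffixes are the per-list administrative addresses Mailman 2.1 creates.

```python
from email import message_from_string
from email.utils import parseaddr

# Per-list administrative address suffixes created by Mailman 2.1.
MAILMAN_ROLE_SUFFIXES = ("-owner", "-admin", "-bounces", "-request", "-confirm",
                         "-join", "-leave", "-subscribe", "-unsubscribe")

def domain_of(address):
    """Lower-cased domain part of an address, or '' when there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def spoofed_role_sender(envelope_from, raw_message, local_domains):
    """Return a finding when From: claims a local list role address but the
    envelope sender is not in a local domain; otherwise return None."""
    msg = message_from_string(raw_message)
    display_name, header_from = parseaddr(msg.get("From", ""))
    local_part = header_from.lower().rpartition("@")[0]
    claims_role = (domain_of(header_from) in local_domains
                   and local_part.endswith(MAILMAN_ROLE_SUFFIXES))
    # An empty envelope sender (bounce) has no domain and counts as non-local.
    external = domain_of(envelope_from) not in local_domains
    if claims_role and external:
        return {"envelope_from": envelope_from, "header_from": header_from,
                "display_name": display_name, "to": msg.get("To", "")}
    return None

LOCAL_DOMAINS = {"lists.example"}  # assumption: domains this site hosts lists on

# Constructed samples: (envelope sender, raw message).
SAMPLES = [
    ("www-data@sender.example",  # outside sender, From: claims the -owner address
     'From: "Jennifer Lankford" <esag-theater-owner@lists.example>\n'
     "To: esag-theater@lists.example\nSubject: hello\n\nbody\n"),
    ("esag-theater-bounces@lists.example",  # mail generated on the list host
     "From: esag-theater-owner@lists.example\n"
     "To: moderator@lists.example\nSubject: 1 moderator request\n\nbody\n"),
    ("alice@other.example",  # ordinary non-member post
     "From: Alice <alice@other.example>\n"
     "To: esag-theater@lists.example\nSubject: question\n\nbody\n"),
]

def scan(samples, local_domains=LOCAL_DOMAINS):
    """Return the findings for every sample that matches the pattern."""
    results = (spoofed_role_sender(env, raw, local_domains) for env, raw in samples)
    return [r for r in results if r is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```

Fed with the envelope sender and headers of inbound mail, this flags only the first sample; locally generated list mail and ordinary outside posts pass.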
