[Mailman-Users] Targeted attack against german universities using mailman

Wed May 10 04:58:44 EDT 2017

--On 10. Mai 2017 um 16:36:54 +0900 "Stephen J. Turnbull" 
<turnbull.stephen.fw at u.tsukuba.ac.jp> wrote:

> BTW, the practice of sending spam to -owner addresses has a long
> history.  I suspect this is not a matter of exploiting a Mailman bug
> unknown to us, but just luck on the part of the spammers.

FWIW, the messages we saw were *not* sent to the -owner address, but to the 
list address using one of the admin addresses for the list in the 
From:-header. On the MTA level the envelope-from was always 
www-data at dreadnoughtpc.com.

Cheers
Sebastian
-- 
    .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
                 .:.Regionales Rechenzentrum (RRZK).:.
   .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.