[Mailman-Users] Targeted attack against german universities using mailman
Hagedorn at uni-koeln.de
Wed May 10 04:58:44 EDT 2017
--On 10. Mai 2017 um 16:36:54 +0900 "Stephen J. Turnbull"
<turnbull.stephen.fw at u.tsukuba.ac.jp> wrote:
> BTW, the practice of sending spam to -owner addresses has a long
> history. I suspect this is not a matter of exploiting a Mailman bug
> unknown to us, but just luck on the part of the spammers.
FWIW, the messages we saw were *not* sent to the -owner address, but to the
list address using one of the admin addresses for the list in the
From:-header. On the MTA level the envelope-from was always
www-data at dreadnoughtpc.com.
.:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
More information about the Mailman-Users