[sf-lug] The problem I experienced recently XFwd: Fwd: Your confirmation is required to leave the test mailing list

Rick Moen rick at linuxmafia.com
Thu Jun 1 02:53:42 PDT 2023


Two slight corrections.  I wrote, a couple of hours ago:

> The mail wasn't _forged_ by a bot.  It was _triggered_ by a bot that
> interacted with Mailman from the public Internet.

That's my very strong hunch, anyway.  The example you gave had
abbreviated SMTP headers, not full headers, so I saw at a glance that
there was no point in trying to analyse the mail's origin and routing.

Back thirty years ago, when we all were younger and more optimistic, 
system administrators always stressed that we needed _full SMTP headers_ 
of any example mail, if we were to try to analyse mail handling.  We
asked, and we explained, and we explained some more -- and hardly any
users ever bothered to provide crucial mails with full SMTP headers.
So, evidently it's pointless to ask, and accordingly we sysadmins have
to diagnose user problems with (very) incomplete data from the users.

Anyway, on the basis of what I saw, it seems a _likely surmise_ that a
malign software bot triggered Mailman's command-line interface (either
the Web/CGI command interface or the e-mail command interface, and I'm
guessing the former) to deliberately mess with you.  However, strictly
speaking, it all could have been just forged e-mail without use of
Mailman's command interfaces to generate unsubscribe-confirmation mails.

> It presses the Unsubscribe button.  This causes Mailman to automatically
> send you a confirmation notice, coming from test-[$HASH]@linuxmafia.com,
> where $HASH is a long hexadecimal string for security protection.

Actually, from test-confirm+[$HASH]@linuxmafia.com .

For example, the one you forwarded (with abbreviated SMTP headers) from
May 29th purported to come from
test-confirm+b693ca87c089d86c427926214c06d19d09b41490 at linuxmafia.com .
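
A triage check for the point above about abbreviated versus full SMTP headers, as an added example that is not part of the original post and is not Mailman code. The function name `triage`, the 40-hex-digit token length (taken from the one address quoted in the post) and the sample `Received` lines are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender shape quoted in the post: <list>-confirm+<token>@<host>.
# The 40-hex-digit token length is an assumption from the post's one example.
CONFIRM_RE = re.compile(
    r"^(?P<list>[a-z0-9._-]+)-confirm\+(?P<token>[0-9a-f]{40})@(?P<host>[a-z0-9.-]+)$")

def triage(raw):
    """Say what a forwarded sample can and cannot tell us."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received") or []
    # Undo the archive-style " at " obfuscation before parsing the address.
    sender = parseaddr(re.sub(r"\s+at\s+", "@", msg.get("From", "")))[1].lower()
    m = CONFIRM_RE.match(sender)
    return {
        "full_headers": bool(hops),   # no Received chain: routing is unknowable
        "hops": len(hops),
        # Received lines are prepended in transit, so the last is the earliest.
        "earliest_hop": " ".join(hops[-1].split()) if hops else None,
        # A matching From only shows the claimed shape; From is sender-controlled.
        "confirm_shape": bool(m),
        "list": m.group("list") if m else None,
        "token": m.group("token") if m else None,
    }

# Constructed samples. The From value is the one quoted in the post; every
# Received line, host and timestamp below is made up for illustration.
ABBREVIATED = (
    "From: test-confirm+b693ca87c089d86c427926214c06d19d09b41490 at linuxmafia.com\n"
    "Subject: Your confirmation is required to leave the test mailing list\n"
    "\n"
    "(body omitted)\n"
)
FULL = (
    "Received: from mx.example.org (mx.example.org [192.0.2.10])\n"
    "\tby inbox.example.net; Mon, 29 May 2023 10:00:02 -0700\n"
    "Received: from lists.example.org (localhost [127.0.0.1])\n"
    "\tby mx.example.org; Mon, 29 May 2023 10:00:01 -0700\n"
    + ABBREVIATED.replace(" at ", "@")
)

if __name__ == "__main__":
    for name, raw in (("abbreviated", ABBREVIATED), ("full", FULL)):
        print(name, triage(raw))
```

Both samples match the confirmation-address shape, but only the second carries a `Received` chain that could be checked against the list server's own logs.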




