[sf-lug] The problem I experienced recently XFwd: Fwd: Your confirmation is required to leave the test mailing list

Todd Hawley celticdm at gmail.com
Fri Jun 2 12:35:43 PDT 2023


On Thu, Jun 1, 2023 at 2:55 AM Rick Moen <rick at linuxmafia.com> wrote:

> Back thirty years ago, when we all were younger and more optimistic,
> system administrators always stressed that we needed _full SMTP headers_
> of any example mail, if we were to try to analyse mail handling.  We
> asked, and we explained, and we explained some more -- and hardly any
> users ever bothered to provide crucial mails with full SMTP headers.
> So, evidently it's pointless to ask, and accordingly we sysadmins have
> to diagnose user problems with (very) incomplete data from the users.
>

And at this point, SMTP headers are all likely forged (at least most of
them), so it would seem to me anyway trying to analyse them is a waste
of time (although reading them can be hilarious in terms of the silly
names in the forged headers :p). Just like the numbers that appear on
most spam calls are forged, which is why I don't bother blocking them.
Just like playing whack-a-mole, but I digress.

> Anyway, on the basis of what I saw, it seems a _likely surmise_ that a
> malign software bot triggered Mailman's command-line interface (either
> the Web/CGI command interface or the e-mail command interface, and I'm
> guessing the former) to deliberately mess with you.  However, strictly
> speaking, it all could have been just forged e-mail without use of
> Mailman's command interfaces to generate unsubscribe-confirmation mails.


Hmm, I could be mistaken, but I thought most CGI forms were "spam magnets"
and if you had any on your web site you should get rid of them.

Anyway, thanks for the explanations.

-th