tickets #80514
closedmx1.o.o is accepting spam (hijacking security announce) Fwd: [opensuse-security-announce]
100%
Description
My dear openSUSE admin,
Today, I received the following fake mail.
I suspect there's a trouble in our infrastructure as this kind of message
should have stopped at opensuse.org network edge.
clearly something on authorization, and what server and people is able to send
in the name of security or update need to be revised.
Have a green day.¶
Bruno Friedmann
Ioda-Net Sàrl www.ioda-net.ch
GPG KEY : D5C9B751C4653227
irc: tigerfoot
Admin mailing list -- admin@lists.opensuse.org
To unsubscribe, email admin-leave@lists.opensuse.org
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/admin@lists.opensuse.org
Files
Updated by pjessen over 3 years ago
- Private changed from Yes to No
I dont see any spam nor any hijacking :-)
Judging by the message you attached, it is a user attempting to unsubscribe from opensuse-security-announce, but he is using the wrong address :
opensuse-security-announce+unsubscribe@opensuse.org
On mx12.o.o we ignore the '+subscribe' extension, and we see this as "opensuse-security-announce@opensuse.org" and forward it to "security-announce@lists.opensuse.org". I think it should have been held for moderation here, I will check the list settings.
Updated by pjessen over 3 years ago
On security-announce, both members and nonmembers posts are held for moderation. Judging by the timestamps, I think this message was held at first, but then released.
06:13:42 - the posting is sent from mx12 to mailman
06:26:55 - the posting is distributed by mailman
The mailman log confirms:
Nov 27 06:13:42 2020 (5720) HOLD: security-announce@lists.opensuse.org post from xxxxxxxxxxxxxxx held, message-id=c1b742e756774e259a38965d5d9df61b@xxxxxxxxxx: The message comes from a moderated member
Nov 27 06:26:57 2020 (5717) HyperKitty archived message c1b742e756774e259a38965d5d9df61b@xxxxxx to https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/WSK5R6TO77GR2OOV7APMSWL53ZA7URJZ/
I don't see who released it though.
Updated by cboltz over 3 years ago
pjessen wrote:
opensuse-security-announce+unsubscribe@opensuse.org
On mx12.o.o we ignore the '+subscribe' extension, and we see this as "opensuse-security-announce@opensuse.org" and forward it to "security-announce@lists.opensuse.org".
This mail address looks like the "old" unsubscribe address. Maybe you can rewrite it to the "new" -leave address?
Updated by pjessen over 3 years ago
cboltz wrote:
pjessen wrote:
opensuse-security-announce+unsubscribe@opensuse.org
On mx12.o.o we ignore the '+subscribe' extension, and we see this as "opensuse-security-announce@opensuse.org" and forward it to "security-announce@lists.opensuse.org".
This mail address looks like the "old" unsubscribe address. Maybe you can rewrite it to the "new"
-leaveaddress?
I was wondering about that too, I guess it would be okay for unsubscribes.
Updated by pjessen over 3 years ago
- Category set to Email
- Status changed from New to Resolved
- Assignee set to pjessen
- % Done changed from 0 to 100
pjessen wrote:
cboltz wrote:
This mail address looks like the "old" unsubscribe address. Maybe you can rewrite it to the "new"
-leaveaddress?I was wondering about that too, I guess it would be okay for unsubscribes.
Done.