TLUG spam (was: Re:Your C1alis 0rder #807509)
Lennart Sorensen
lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Thu Sep 13 14:47:41 UTC 2007
On Wed, Sep 12, 2007 at 06:13:36PM -0400, Dave Mason wrote:
> Is this the result of TLUG accepting posting from the world? Or is
> someone here running Windows and thier computer is infected? I suspect
> the former based on the only apparently useful header:
>
> X-Originating-IP: 234.239.150.212 by smtp.201.17.187.101; Wed, 12 Sep 2007 17:48:28 -0500
>
> For those IPs I get:
> ; host 234.239.150.212
> Host 212.150.239.234.in-addr.arpa not found: 3(NXDOMAIN)
> ; host 201.17.187.101
> 101.187.17.201.in-addr.arpa domain name pointer c911bb65.bhz.virtua.com.br.
>
> Can we make the list so only people on the list can email to the list? Please???
I think someone discovered that drew-lxSQFCZeNF4 at public.gmane.org as your From: address will
allow posting anything you want to the mailing list. Perhaps the mail
server should be more picky about where it thinks drew can send mail
from. On the other hand the mailing list is expecting to receive
incoming mail from subscribers (which i am sure drew-lxSQFCZeNF4 at public.gmane.org is), and
forward it to all members of the list.
So simply messages sent with a fake From: address which the mailing list
accepts.
Any spammer that uses a forged from address of any subscriner to the
list would be able to do what this spammer is doing, and I am not sure
what you can do about it.
--
Len Sorensen
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list