Greg Wooledge wrote: > On Wed, Oct 06, 2021 at 09:09:11PM +0800, Bret Busby wrote: > > I believe that the solution is simple, and, what the list administrator(s) > > of the Debian User list will not do; simply disallow messages posted to the > > list, from non-subscribers. > > > > It is simple, will minimise spurious removals from the list, and, minimise > > spamming of the list. > > Well, you already know that this won't happen. They don't want to close > the list in that way. > > That said, this would *not* stop the problem that I'm having right now. > The "forged bounce messages" (for lack of a better term) are coming > from someone who *is* subscribed. They've set up some sort of auto-responder > which is generating one of these messages every time they receive a > message from the list. Because they're still subscribed.
It just happened to me, and then it happened again 10 minutes later. I suspect that this is a deliberate attack against debian-user, not a misconfigured anti-spam bot. My temporary work-around is to use separate addresses to subscribe to the list (and thus receive copies) and to post to the list (which will be targeted by the attacker, but cannot be unsubscribed because they aren't subscribed.) We probably need a change to the mail-handling system to only accept its own SMTP-time delivery failures as proof that a subscriber address has disappeared. -dsr-
