Turns out that this was a completely valid message. I recently took over this list from a host that was using Lyris. This user was receiving lyris messages in "Index Digest" format and he was attempting to retreive the full messages from a previous lyris index by using the "Get" command but accidentally sent the command to the new mailman list.
Live and learn, -Brendan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brendan Chard Sent: Wednesday, June 16, 2004 9:10 AM To: [EMAIL PROTECTED] Subject: [Mailman-Users] Security Breach by spammer on one of my lists? A message went to one of my lists last night that looked very peculiar, like a spammer. I'm hoping to get some input to see if it's something I should be worried about or just a fluke. I'm running Mailman 2.1.4 on FreeBSD with MailScanner and ClamAV I have an unmoderated closed list with the membership list viewable by admin only that is called "probate" The possible offending message was from a hotmail account that is legitimately subscribed to the list and all server logs regarding that message appear to be legit: The mailman post log says: (I have replaced the user with "USERNAME") Jun 15 22:13:03 2004 (70197) post to probate from [EMAIL PROTECTED], size=1846, message-id=<[EMAIL PROTECTED]>, success The sendmail (maillog) file says: (I have replaced the user with "USERNAME") Jun 15 22:10:11 server2 sm-mta-in[5288]: i5G2AAhS005288: from=<[EMAIL PROTECTED]>, size=842, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=bay22-f37.bay22.hotmail.com [64.4.16.87] Jun 15 22:10:11 server2 MailScanner[72190]: New Batch: Scanning 1 messages, 1390 bytes Jun 15 22:10:11 server2 MailScanner[72190]: Spam Checks: Starting Jun 15 22:10:11 server2 MailScanner[72190]: Virus and Content Scanning: Starting Jun 15 22:10:12 server2 MailScanner[72190]: Uninfected: Delivered 1 messages Jun 15 22:10:12 server2 MailScanner[72190]: MailScanner child dying of old age Jun 15 22:10:13 server2 MailScanner[5459]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... Jun 15 22:10:13 server2 sendmail[5460]: i5G2AAhS005288: to="|/usr/local/mailman/mail/mailman post probate".......... The message body itself was empty, but because hotmail advertises on their outbound messages, it looks like an advertisement. The subject line however is what concerns me... it says: "get probate 123423 123355 123372 123389 123405" I don't think it's from an actual human since it seems like a ridiculous subject line. I've moderated the users account until I get it figured out, but any input as to what this actually is would be appreciated. Thanks -Brendan ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
