Hey guys,

On 21.06.21 21:35, Serge Droz wrote:
> Hi all
>
> It seems there is a SWINOG member who should clean his computer.
>
> Happy hunting
> Serge

I don't think so. Root problem is the SWINOG mailman archive which happens to be very open:

http://lists.swinog.ch/public/swinog/2021-June/thread.html
http://lists.swinog.ch/public/swinog/2021-June/007518.html

Even for a stupid crawler it is quite easy to collect your email address from there. That's the reason why I don't like to post to this list: it automatically makes me a future victim of SWINOG external SPAM. I once posted something to this list (must be 10 years ago). It took less than a week for the first SPAM mails to arrive. In fact, anyone who ever posted to this list is subject to direct spam. SWINOG should really re-think its list archive...

On 22.06.21 08:58, Jeroen Massar wrote:
> I suggest using a mailhost that has proper spam filtering, considering it is
> trivial to identify
> that the sending host is not properly configured, why bother accepting mail
> from it?

That's not enough. In the first place, the SWINOG contributors should be protected from being crawled. -> SWINOG homework

On 21.06.21 23:42, Jeroen Massar wrote:
> Full headers would be rather useful to determine the real origin of that
> message...

Full ACK. Preferably in the correct order.
So for the sake of completeness, let's do the header dance:

> X-Authenticated-Sender: cloudserver2.webbossuk.com: in3d...@in3days.org
> X-Get-Message-Sender-Via: cloudserver2.webbossuk.com: authenticated_id:
> in3d...@in3days.org
> Received: from cloudserver2.webbossuk.com (cloudserver2.webbossuk.com
> [95.172.31.250]) (using TLSv1.2 with cipher
> ECDHE-RSA-AES256-GCM-SHA384
> (256/256 bits)) (No client certificate requested) by
> mailin025.protonmail.ch (Postfix) with ESMTPS id 4G7yKH3NF6z9vNPW for
> <s.d...@protonmail.ch>; Mon, 21 Jun 2021 18:11:47 +0000 (UTC)
> Received: from [136.35.59.161] (port=45371 helo=in3days.org) by
> cloudserver2.webbossuk.com with esmtpsa (TLS1.2) tls
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (Exim 4.93) (envelope-from
> <in3d...@in3days.org>) id 1lvNEU-00069P-CD for s.d...@protonmail.ch;
> Mon,
> 21 Jun 2021 17:57:10 +0100

Email coming from 136-35-59-161.googlefiber.net [136.35.59.161] sent through cloudserver2.webbossuk.com (esmtpsa -> authenticated) which happens to host in3days.org. So most probably a hacked web hosting account.

However, this does not help much, since the root cause is the SWINOG mailman archive. You will get spam from all over the world.

Greetings,
Franco

_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
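
The header walk described in the message above, as an added example that is not part of the original post: it reads the `Received` chain oldest-first and reports, per hop, the client IP and whether the `with` keyword indicates SMTP AUTH or TLS. The sample message, host names and addresses are constructed placeholders, and `trace` is a hypothetical helper name.

```python
import re
from email import message_from_string

# Constructed sample with the same two-hop shape as the quoted headers;
# hosts and addresses are documentation placeholders, not real systems.
SAMPLE = """\
Received: from relay.hosting.example (relay.hosting.example [192.0.2.25])
\t(using TLSv1.2) by mx.recipient.example (Postfix) with ESMTPS id 4ABCDEF
\tfor <user@recipient.example>; Mon, 21 Jun 2021 18:11:47 +0000 (UTC)
Received: from [198.51.100.7] (port=45371 helo=customer.example)
\tby relay.hosting.example with esmtpsa (TLS1.2) (Exim 4.93)
\t(envelope-from <sender@customer.example>) id 1abcDE-0000aa-BB
\tfor user@recipient.example; Mon, 21 Jun 2021 17:57:10 +0100
Subject: test

body
"""

# "from <client> (<detail>) ... by <server> ... with <protocol>"
HOP = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<detail>[^)]*)\))?.*?"
    r"\bby\s+(?P<by>\S+).*?\bwith\s+(?P<proto>\S+)",
    re.IGNORECASE | re.DOTALL,
)
IP = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")

def trace(raw):
    """Return hops oldest-first; each relay prepends its Received line."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue  # unparseable hop: skip rather than guess
        proto = m.group("proto").lower()
        ip = IP.search(m.group("from") + " " + (m.group("detail") or ""))
        hops.append({
            "client_ip": ip.group(1) if ip else None,
            "by": m.group("by"),
            "proto": proto,
            # RFC 3848 keywords: ESMTPA/ESMTPSA = SMTP AUTH, ESMTPS/ESMTPSA = TLS
            "authenticated": proto in ("esmtpa", "esmtpsa"),
            "tls": proto in ("esmtps", "esmtpsa"),
        })
    return hops

if __name__ == "__main__":
    for n, hop in enumerate(trace(SAMPLE), 1):
        print(n, hop)
```

Only `Received` lines added by servers you trust are reliable; anything below the first trusted hop can be written by the sender.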