Re: You have been removed from the list (repeatedly)

To: debian-user@lists.debian.org
Subject: Re: You have been removed from the list (repeatedly)
From: "Thomas Schmitt" <scdbackup@gmx.net>
Date: Wed, 06 Oct 2021 19:41:26 +0200
Message-id: <[🔎] 12742368637178139786@scdbackup.webframe.org>
In-reply-to: <[🔎] YV2pZ8MbbCDttlGA@wooledge.org>
References: <[🔎] YV2pZ8MbbCDttlGA@wooledge.org>

Hi,

Greg Wooledge wrote:
> The "forged bounce messages" (for lack of a better term) are coming
> from someone who *is* subscribed.  They've set up some sort of auto-responder
> which is generating one of these messages every time they receive a
> message from the list.

This would be a novel application of mail Bounce Attack aka Backscatter,
which is normally used to smuggle spam content around the filters.
If so, then not you get spoofed but rather the Debian list server is
too credulent towards DSN messages.

This would also explain why the headers of the quoted message from
postmaster@vps268904.ovh.net do not look like a message that was
resent from debian-user. Instead it was payload of a forged bounce
message.

Have a nice day :)

Thomas

Reply to:

References:
- Re: You have been removed from the list (repeatedly)
  - From: Greg Wooledge <greg@wooledge.org>

Prev by Date: Re: override.jessie.main.gz file removed from http://deb.debian.org/debian/indices/
Next by Date: Re: iTunesSetup.exe in wine?
Previous by thread: Re: You have been removed from the list (repeatedly)
Next by thread: Re: You have been removed from the list (repeatedly)
Index(es):
- Date
- Thread