I have a Mailman 3 email list, running on Mailman 3.3.3 on Debian 11.
A few of the list members are reporting that they received Email Address Unsubscription Confirmation emails, but claim that they never requested to be unsubscribed. (All are Gmail users, but that might be coincidental, since most list members are Gmail users.)
Has anyone seen this behavior before? Any ideas on what might be happening?
On 6/14/23 19:40, Mike Wertheim wrote:
> I have a Mailman 3 email list, running on Mailman 3.3.3 on Debian 11.
> A few of the list members are reporting that they received Email Address Unsubscription Confirmation emails, but claim that they never requested to be unsubscribed. (All are Gmail users, but that might be coincidental, since most list members are Gmail users.)
> Has anyone seen this behavior before? Any ideas on what might be happening?
Yes. This is someone sending an email leave or unsubscribe command for the user in question. This may be malicious, i.e. someone doesn't like a user's posts and tries to unsubscribe them, or it may be just spam of some sort.
The user should just ignore the email. Beyond that, there's not much you can do unless you can identify from mail logs the source of the requests.
--
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
Thanks.
Here are the log lines that correspond to the emails to the "-leave" address in /var/log/mailman3/smtp.log...
Jun 14 10:10:29 2023 (199628) Available AUTH mechanisms: LOGIN(builtin) PLAIN(builtin)
Jun 14 10:10:29 2023 (199628) Peer: ('127.0.0.1', 35610)
Jun 14 10:10:29 2023 (199628) ('127.0.0.1', 35610) handling connection
Jun 14 10:10:29 2023 (199628) ('127.0.0.1', 35610) Data: b'LHLO mydomain.com '
Jun 14 10:10:29 2023 (199628) ('127.0.0.1', 35610) Data: b'MAIL FROM:< someone-i-know@gmail.com>'
Jun 14 10:10:29 2023 (199628) ('127.0.0.1', 35610) sender: someone-i-know@gmail.com
Jun 14 10:10:29 2023 (199628) ('127.0.0.1', 35610) Data: b'RCPT TO:< mylist-leave@mydomain.com>'
Jun 14 10:10:29 2023 (199628) ('127.0.0.1', 35610) recip: mylist-leave@mydomain.com
Jun 14 10:10:29 2023 (199628) ('127.0.0.1', 35610) Data: b'DATA'
Jun 14 10:10:29 2023 (199628) ('127.0.0.1', 35610) Data: b'QUIT'
Jun 14 10:10:29 2023 (199628) ('127.0.0.1', 35610) connection lost
The IP address is 127.0.0.1. Would that imply that the messages were really sent from the localhost, or could that mean that the real sender IP address just wasn't captured for some reason?
Mike Wertheim writes:
> Here are the log lines that correspond to the emails to the "-leave" address in /var/log/mailman3/smtp.log...
[Irrelevant text elided]
> The IP address is 127.0.0.1. Would that imply that the messages were really sent from the localhost, or could that mean that the real sender IP address just wasn't captured for some reason?
The sender at 127.0.0.1 is your MTA (Postfix, Exim, Sendmail etc). Mailman delegates all Internet functionality to software designed for the purpose, and just accepts everything the MTA sends to Mailman via LMTP. Mailman's "smtp.log" is for Mailman's builtin LMTP server, and doesn't know anything about external connections.
To find out the last hop source IP for the message, you need to look at the MTA's log.
Steve
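One way to do the MTA-log lookup described in the reply above, as an added example that is not part of the thread and is not Mailman or Postfix code. It assumes the MTA is Postfix writing its usual syslog lines; the queue IDs, hostnames and IP addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed Postfix log sample (not from the thread); IPs are documentation ranges.
SAMPLE_MAILLOG = """\
Jun 14 10:10:28 mx postfix/smtpd[2101]: 4F1A22C0D3: client=unknown[203.0.113.45]
Jun 14 10:10:28 mx postfix/qmgr[811]: 4F1A22C0D3: from=<someone-i-know@gmail.com>, size=1310, nrcpt=1 (queue active)
Jun 14 10:10:29 mx postfix/lmtp[2104]: 4F1A22C0D3: to=<mylist-leave@mydomain.com>, relay=127.0.0.1[127.0.0.1]:8024, delay=0.4, dsn=2.0.0, status=sent (250 Ok)
Jun 14 10:12:02 mx postfix/smtpd[2110]: 5B7E90A1F2: client=mail.example.net[198.51.100.7]
Jun 14 10:12:02 mx postfix/qmgr[811]: 5B7E90A1F2: from=<member@gmail.com>, size=2950, nrcpt=1 (queue active)
Jun 14 10:12:03 mx postfix/lmtp[2112]: 5B7E90A1F2: to=<mylist@mydomain.com>, relay=127.0.0.1[127.0.0.1]:8024, delay=0.6, dsn=2.0.0, status=sent (250 Ok)
"""

# Postfix tags every line about one message with the same queue ID.
LINE = re.compile(r"postfix/[\w/-]+\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<rest>.*)")
CLIENT = re.compile(r"client=(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]")
SENDER = re.compile(r"from=<(?P<addr>[^>]*)>")
RCPT = re.compile(r"to=<(?P<addr>[^>]*)>")


def leave_request_sources(log_text, suffix="-leave"):
    """Return one record per message delivered to a list's -leave address."""
    msgs = defaultdict(lambda: {"host": None, "ip": None, "sender": None, "rcpts": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec, rest = msgs[m["qid"]], m["rest"]
        if c := CLIENT.match(rest):
            rec["host"], rec["ip"] = c["host"], c["ip"]  # last hop as seen by the MTA
        elif s := SENDER.match(rest):
            rec["sender"] = s["addr"]  # envelope sender: claimed by the client, not verified
        elif r := RCPT.match(rest):
            rec["rcpts"].append(r["addr"].lower())
    hits = []
    for qid, rec in msgs.items():
        for rcpt in rec["rcpts"]:
            if rcpt.partition("@")[0].endswith(suffix):
                hits.append({"qid": qid, "rcpt": rcpt, "sender": rec["sender"],
                             "client_host": rec["host"], "client_ip": rec["ip"]})
    return hits


if __name__ == "__main__":
    for hit in leave_request_sources(SAMPLE_MAILLOG):
        print(hit)
```

Grouping the returned records by `client_ip` shows whether the unsubscribe requests for different members all arrive from the same last hop.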
participants (3)
- Mark Sapiro
- Mike Wertheim
- Stephen J. Turnbull