[Outages-discussion] [outages] not quite an outage, more a hack, "Urgent: Threat actor in systems" emails from FBI infrastructure

Jay R. Ashworth jra at baylink.com
Sat Nov 13 12:45:19 EST 2021


----- Original Message -----
> From: "Grant Taylor" <gtaylor at tnetconsulting.net>

> I'm re-routing my reply to outages-discussion instead of the original
> outages mailing list.  --  I'm CCing John in case he doesn't subscribe
> to outages-discussion.
> 
> On 11/13/21 9:56 AM, John Sage via Outages wrote:
>> Is anyone besides me now receiving three (or here four) identical posts
>> to the list with identical time stamps?
> 
> Yes.
> 
> I received five copies of the message.  All of the messages had the same
> Message-ID.
> 
> Tracing the Received: headers, it seems like the message was a duplicate
> all the way up to mx00.postal00.hostinfr.com.  I see the first new
> (E)SMTP(S) id at puck.nether.net.
> 
> So, it seems to me like the duplication happened between ...hostinfr.com
> and ...nether.net.
> 
> I've not implemented a duplicate message ID filter for the Outages
> mailing list.  But perhaps I should.

procmail has that built in, I think, and I'd thought Mailman did as well,
but perhaps I'm mistaken.

Such a filter would, of course, have to go on the input side of ... well, 
maybe it wouldn't.  I've never actually given any thought to how Mailman
handles Message-ID.  I expect Jared will know off-hand, though.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274


More information about the Outages-discussion mailing list