D. Hugh Redelmeier via talk wrote on 2023-09-08 07:04:
I sent this yesterday. To talk@gtalug.org and jamonation@gmail.com I got a bounce message from ubuntu-users-owner@lists.ubuntu.com ("Post by non-member to a members-only list")
How would this get to the ubuntu users list with my address on it?
| From: Jamon Camisso via talk<talk@gtalug.org> | To:talk@gtalug.org | Cc: Jamon Camisso<jamonation@gmail.com> | Date: Thu, 7 Sep 2023 14:54:30 -0400 | Subject: Re: [GTALUG] Debian Linux as-a-router Guide
There's something weird going on in the world of mailing lists. First, it appears Jamon works/worked at Canonical, so there's a tangential relation to lists.ubuntu.com. Two days ago, I got a weird message from someone I barely know via a LUG that was "Checking in" and "Is this email still valid for you? There is something important I'd like to discuss." Checking list archives, the From: was valid, but the ReplyTo: had a couple extra numbers on the end, then a different domain. Very odd. Maybe he was hacked? The mailing list itself? Then, yesterday I awoke to a flood of incoming bounce messages from *MY* mail server. Someone logged into my server as admin@bclug.ca (SASL plain auth), and started sending messages full of base64-encoded attachments (spam). That scared me - how did this happen?!? I shut down postfix, archived the queue then analyzed it, then deleted it. Changed my SASL password (a very lengthy one before & after), and it appears to be okay now? Maybe there's some automated attack going on against small Linux email lists / servers? Also, there was a back-scatter issue a few / several months ago targeting a user and/or mailing list in SF. TL;DR: I dunno why you got the bounce from Ubuntu lists.