Since the announcement of the Drown vulneratibility a couple days ago, I thought I'd mention Drown here..... while I have no idea if this would be the cause of spammer's bypassing a Univ moderation team, according to one site test, ou.edu has a lot of vulnerabilities. https://test.drownattack.com/?site=OU.EDU Janice On Thu, Mar 03, 2016 at 02:55:39PM -0600, Hal Keen [[log in to unmask]] wrote (in part): | >>>And do you see approval requests for the spam messages, before the | >>>"ghost" approves them and they are distributed to your list? | > | >No. We're supposed to, but we don't. | | Curiouser and curiouser! The "Approved-By" header lines indicate the | message WAS on the moderation queue, but you don't see a notice that should | be generated in the process of getting it off. | | I see you're in a .edu environment. It's been my experience that | spam-checking arrangements in such environments are often wildly rapacious, | possibly because they're maintained and improved by particularly | imaginative staff. Is it possible those approval requests are being eaten | by the spam checker before they reach you? | | The other alternative, it seems to me, is that whoever is managing your | moderation queue on behalf of the spammers is also blocking the approval | notices from getting out--which would imply a VERY inside job in the list | server. | | Section 4 of the LISTSERV Advanced Topics Manual, on List Exits, might be | relevant. Do you use any? If not, another way to interfere with email to | list editors would probably be to hack the email system itself. | | >(By the way, we've all changed our passwords to the web interface.) | | Wise move! But it adds to my suspicions about an inside job: someone who's | obtained access to your moderation queue outside of normal vetting | procedures. | | I don't know if this makes a difference or not, but are the spammer | addresses the usual random-seeming collection of non-functioning fakes? Or | is there a narrower set of spammer addresses that get access? And are there | others that do get handled correctly? | | Hal Keen | ############################ To unsubscribe from the LSTOWN-L list: write to: mailto:[log in to unmask] or click the following link: http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTOWN-L&A=1