TLDR: Spam outside of swinog list by participating in mailinglist...

That is a very odd ordering of headers:

> Received: from [136.35.59.161] (port=45371 helo=in3days.org) by
>  cloudserver2.webbossuk.com with esmtpsa (TLS1.2) tls
>  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (Exim 4.93) (envelope-from
>  <[email protected]>) id 1lvNEU-00069P-CD for [email protected]; Mon,
>  21 Jun 2021 17:57:10 +0100
> Received: from cloudserver2.webbossuk.com (cloudserver2.webbossuk.com
>  [95.172.31.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
>  (256/256 bits)) (No client certificate requested) by
>  mailin025.protonmail.ch (Postfix) with ESMTPS id 4G7yKH3NF6z9vNPW for
>  <[email protected]>; Mon, 21 Jun 2021 18:11:47 +0000 (UTC)

Those normally go the other way around (top one is the newest).

Nevertheless... there are two options for this kind of spam:

 - something subscribe(s|d) to the list and just spams directly
 - something parses the mailman archives and spams directly

Nothing list-admins or members could do anything about. Closing the archives is 
a silly option, closing subscriptions another silly one, why bother having a 
mailinglist in that case.
Noting that


I suggest using a mailhost that has proper spam filtering, considering it is 
trivial to identify that the sending host is not properly configured, why 
bother accepting mail from it? Then again, from the order of those headers, 
does not look like the receiver is properly configured either.

Greets,
 Jeroen

--


> On 20210622, at 08:40, Serge Droz <[email protected]> wrote:
> 
> Sure, here you go:
> 
> Content-Transfer-Encoding: quoted-printable
> Content-Type: text/html; charset=utf-8
> References:
> <7A5xjOA_IhApwauOLPwy0scprYxTA4bjrjcS6Ejp5HrXsPGcbyrTV2ABvFGl8gGpkVDyKFXPU2FKFTdfnoqycA==@protonmail.internalid>
> X-Pm-Date: Mon, 21 Jun 2021 15:57:11 +0000
> X-Pm-External-Id: <6FC07FDF38760D4D03211162AA001EDFAE9F5412@unknown>
> X-Pm-Internal-Id:
> 7A5xjOA_IhApwauOLPwy0scprYxTA4bjrjcS6Ejp5HrXsPGcbyrTV2ABvFGl8gGpkVDyKFXPU2FKFTdfnoqycA==
> To: "Serge Droz" <[email protected]>
> Reply-To: "Roger" <[email protected]>
> From: "Roger" <[email protected]>
> Subject: Re: [swinog] Coop.ch geoblocking?
> X-Pm-Transfer-Encryption: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
>  (256/256 bits)
> Delivered-To: [email protected]
> X-Original-To: [email protected]
> X-Antiabuse: Sender Address Domain - in3days.org
> X-Antiabuse: Originator/Caller UID/GID - [47 12] / [47 12]
> X-Antiabuse: Original Domain - protonmail.ch
> X-Antiabuse: Primary Hostname - cloudserver2.webbossuk.com
> X-Antiabuse: This header was added to track abuse, please include it with
>  any abuse report
> X-Authenticated-Sender: cloudserver2.webbossuk.com: [email protected]
> Return-Path: <[email protected]>
> X-Get-Message-Sender-Via: cloudserver2.webbossuk.com: authenticated_id:
>  [email protected]
> X-Pm-Content-Encryption: on-delivery
> Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
>  d=in3days.org ; s=default;
>  h=MIME-Version:Message-ID:Subject:From:To:Date:Content-Type:
> 
> Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
> Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
> In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: 
> List-Post:List-Owner:List-Archive;
> bh=uAxy3zLHqvfXb2TMYjrhYr5Z2Iu5r3NwESS4F1OCQg8=;
> b=pK1dKfuL2dIP2X5U9hf1z+iIGv
> e9DBaAUxWcNJsesFiRorFjvKyzPWnZ+20RDKKpGfsaEjcu7xuxyYrZbfICXsM0mzgfCry/DVoe+QU
> c2uMZspDly4ulZf0mp4o2Yx66GNBHlh0s0yZOjzrBc9whwJSk01vPFoKc/qthRVzR2Tc4GrsW4MlF
> R02FpGbOo3XzfjLoWwRWn52qVGvEaScq2tk8O4YAWm14iMUIGPHMZbmT9UWsODV7TvQDyRjQTb9YA
> IaffxFi0eEjohCq5WyMOBJbGq91Me/rI9o8Hhsqv5bnh3W1qI4K5L+nUn2tvRckpY/S9r2+BQORdE
> 99Vu9hyQ==;
> X-Pm-Spamscore: 0
> X-Pm-Origin: external
> X-Pm-Spam-Action: dunno
> Message-Id: <6FC07FDF38760D4D03211162AA001EDFAE9F5412@unknown>
> Received: from [136.35.59.161] (port=45371 helo=in3days.org) by
>  cloudserver2.webbossuk.com with esmtpsa (TLS1.2) tls
>  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (Exim 4.93) (envelope-from
>  <[email protected]>) id 1lvNEU-00069P-CD for [email protected]; Mon,
>  21 Jun 2021 17:57:10 +0100
> Received: from cloudserver2.webbossuk.com (cloudserver2.webbossuk.com
>  [95.172.31.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
>  (256/256 bits)) (No client certificate requested) by
>  mailin025.protonmail.ch (Postfix) with ESMTPS id 4G7yKH3NF6z9vNPW for
>  <[email protected]>; Mon, 21 Jun 2021 18:11:47 +0000 (UTC)
> Mime-Version: 1.0
> Date: Mon, 21 Jun 2021 17:57:11 +0200
> Authentication-Results: mailin025.protonmail.ch; dkim=pass (2048-bit key)
>  header.d=in3days.org [email protected] header.b="pK1dKfuL"
> Authentication-Results: mailin025.protonmail.ch; spf=none
>  [email protected]
> Authentication-Results: mailin025.protonmail.ch; dmarc=none (p=none
>  dis=none) header.from=in3days.org
> Authentication-Results: mailin025.protonmail.ch; dkim=pass (Good 2048 bit
>  rsa-sha256 signature) header.d=in3days.org header.a=rsa-sha256
> 
> 
> 
> On 21.06.21 23:42, Jeroen Massar wrote:
>> Full headers would be rather useful to determine the real origin of that 
>> message...
>> 
>> Greets,
>>  Jeroen
>> 
>> 
>>> On 20210621, at 21:35, Serge Droz <[email protected]> wrote:
>>> 
>>> Hi all
>>> 
>>> It seems there is a SWINOG member who should clean his computer.
>>> 
>>> Happy hunting
>>> Serge
>>> 
>>> 
>>> 
>>> -------- Forwarded Message --------
>>> Subject:    Re: [swinog] Coop.ch geoblocking?
>>> Date:       Mon, 21 Jun 2021 17:57:11 +0200
>>> From:       Roger <[email protected]>
>>> Reply-To:   Roger <[email protected]>
>>> To:         Serge Droz <[email protected]>
>>> 
>>> 
>>> 
>>> Good day!
>>> 
>>> We mail document to you again. You can discover it at the link lower:
>>> 
>>> 
>>> annanigrodermatologia.it/mac-lesch/s_droz-80.zip
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> Hi Roger > > I just think that this suppression of unwanted
>>>> opinions is wrong > . > I see it that way too. But Coop is not
>>>> doing that. > and as far as Coop is concerned I find it firstly useless and
>>>> secondly worrying > when one tries to reduce security problems with regional
>>>> restrictions > instead of eliminating them > No
>>>> idea why Coop does that, but it is their right, it is their website after all.
>>>> Regards, Serge > .. so long ;) > > Roger > > > On 28.02.2021 19:37, Serge
>>>> Droz wrote: >> I think you misunderstand what free speech is. Free
>>>> speech means, you >> cannot be punished for what you say, nothing
>>>> more. It does not guarantee >> you an audience, or a platform. >> An,
>>>> although a bit US centric, explanation is here: >>
>>>> https://www.aclu.org/other/what-censorship >> >> If blocking is a good
>>>> idea for security reasons is an entirely different >> question, and
>>>> has nothing whatsoever to do with free speech or >> censorship. >>
>>>>>> Best >> Serge >> >> >> >> -- >> Serge Droz >> Security Lead >>
>>>> Proton Technologies AG >> -- Serge Droz Security Lead Proton
>>>> Technologies AG
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> swinog mailing list
>>> [email protected]
>>> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
>> 
> 
> --
> Dr. Serge Droz
> Senior Security Engineer
> 



_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
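
Added example, not part of the original thread: a Python check for the Received header ordering discussed above. It parses the timestamp of each Received header and reports every header that is older than the one beneath it. The sample is constructed from the two Received headers quoted in the thread, abridged, with a placeholder recipient address; the function names are illustrative.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the two Received headers from the thread, in the order
# they were posted, abridged, with a placeholder recipient address.
SAMPLE = """\
Received: from [136.35.59.161] (port=45371 helo=in3days.org) by
 cloudserver2.webbossuk.com with esmtpsa (Exim 4.93) id 1lvNEU-00069P-CD
 for recipient@example.invalid; Mon, 21 Jun 2021 17:57:10 +0100
Received: from cloudserver2.webbossuk.com (cloudserver2.webbossuk.com
 [95.172.31.250]) by mailin025.protonmail.ch (Postfix) with ESMTPS
 id 4G7yKH3NF6z9vNPW for <recipient@example.invalid>;
 Mon, 21 Jun 2021 18:11:47 +0000 (UTC)
Subject: constructed sample

body
"""


def received_hops(raw):
    """Return [(timestamp, by_host)] for each Received header, top to bottom."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())          # undo header folding
        info, _, stamp = unfolded.rpartition(";")   # date follows the last ';'
        words = info.split()
        by_host = words[words.index("by") + 1] if "by" in words else "?"
        hops.append((parsedate_to_datetime(stamp.strip()), by_host))
    return hops


def misordered(hops):
    """Return (upper, lower) host pairs where the upper header is older.

    Each relay prepends its own Received header, so timestamps should not
    increase when reading from the top of the message downwards.
    """
    return [(up[1], low[1]) for up, low in zip(hops, hops[1:]) if up[0] < low[0]]


if __name__ == "__main__":
    for upper, lower in misordered(received_hops(SAMPLE)):
        print(f"out of order: header from {upper} sits above newer header from {lower}")
```

Timestamps are compared as timezone-aware values, so the +0100 and +0000 offsets in the sample are normalised before the comparison.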
