Message-ID: <200209261822.50727.ka@khidr.net>
From: ka at khidr.net (Ka)
Subject: Bugtraq postings from non-members may disclose some list-member's addresses
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
yesterday I posted something to full-disclosure and at the same time
to bugtraq, but did so unintentionally from an email address which
is not subscribed to bugtraq (I simply responded to a posting from
Gossi the dog with "reply to all").
Intentionally I'm doing the same with this message -
it's always good to have a test case, isn't it? .o)
As a result, I'm getting all the bouncing list-emails delivered back
to me personally, i.e. all MTAs of members with delivery problems
or vacation messages set up send their bounce message to me instead
of back to the bugtraq administration.
Obviously under the described circumstances the Return-Path: header
is not set by the bugtraq list software.
The few examples where the headers of my original posting were
sent back to me as part of a "message undeliverable" error,
show that the mail came from lists.securityfocus.com. The first
MTA was always specified as
    Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
        by outgoing.securityfocus.com (Postfix) with QMQP
        id D55EEA373E; Wed, 25 Sep 2002 12:55:59 -0600 (MDT)
And of course there was no Return-Path: set.
Since yesterday I have learned which members have their mailbox full,
are out of office, or fucked up their .forward files into
undeliverability (if there is such a word in English).
Not many members BTW, but enough for a good party.
Severity: low
Fun-Factor: high
Vendor notified: neahneah - would've spoiled the fun otherwise.
Have a nice day!
Ka
- --
Better a newer mind than a never mind.
But best to run around out of no mind.
http://www.khidr.net/users/ka/pgpkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9kzRX72vu22ltWBERAqLVAJ4iSWXnDvzhk8ipQ+G+oyEKLyWoEgCeIGWz
5ANkI0TLVQ2MjOfXPSEMP7c=
=jwYF
-----END PGP SIGNATURE-----
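
Added example, not part of the original post and not the list software's code: a check a list operator could run over messages as delivered to a subscriber, to see whether bounces and auto-replies would return to the list or to the poster, as the post describes. The addresses and the bounce-address format are constructed assumptions; only the securityfocus.com domain comes from the post.

```python
from email import message_from_string
from email.utils import parseaddr

LIST_DOMAIN = "securityfocus.com"  # from the Received: line quoted in the post

def bounce_target(raw, list_domain=LIST_DOMAIN):
    """Classify who receives bounces and auto-replies for one delivered message."""
    msg = message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].lower()
    rpath = msg.get("Return-Path")
    if rpath is None:
        # Case from the post: no Return-Path, so responders fall back to From:.
        return ("missing", author)
    env = parseaddr(rpath)[1].lower()
    if not env:
        return ("null-sender", "")  # "<>": nothing should be sent back at all
    domain = env.rpartition("@")[2]
    if domain == list_domain or domain.endswith("." + list_domain):
        return ("list", env)  # bounces return to the list's own handler
    return ("author" if env == author else "other", env)

def leaking(messages):
    """Return the verdicts for messages whose bounces bypass the list."""
    results = [bounce_target(m) for m in messages]
    return [r for r in results if r[0] in ("missing", "author", "other")]

# Constructed sample messages; every address below is made up for the example.
GOOD = ("Return-Path: <list-bounces-42@lists.securityfocus.com>\n"
        "From: Poster <poster@example.net>\nSubject: test\n\nbody\n")
NO_RPATH = "From: Poster <poster@example.net>\nSubject: test\n\nbody\n"
AUTHOR_RPATH = ("Return-Path: <Poster@Example.net>\n"
                "From: poster@example.net\nSubject: test\n\nbody\n")
NULL = "Return-Path: <>\nFrom: MAILER-DAEMON@example.org\n\nbody\n"

if __name__ == "__main__":
    for sample in (GOOD, NO_RPATH, AUTHOR_RPATH, NULL):
        print(bounce_target(sample))
```

Any message reported by leaking() exposes the poster to subscribers' bounce and vacation replies; the fix on the list side is to rewrite the envelope sender to a list-owned bounce address before redistribution.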