
en - [en@sympa] do_renewpasswd() misuse

Subject: The mailing list for listmasters using Sympa

  • From: "Mail administrator, Otto Makela" <address@concealed>
  • To: sympa-users <address@concealed>
  • Subject: [en@sympa] do_renewpasswd() misuse
  • Date: Mon, 13 Nov 2023 00:05:54 +0200

Our Sympa installation is currently being misused by Russian well-known
hives of scum and villainy, to send out slow spam (in the range of 100
messages per day) to random Google/Hotmail/Yahoo etc customers by
connections to the web interface to use do_renewpasswd().

I am not quite sure what the payoff here is, but I suspect the long-term
intention is to cause reputation loss to our outgoing mail server since
quite a lot of the email addresses used cause bounces.

I would recommend others running Sympa check out if something similar
is happening to you; invoking do_renewpasswd() does not require anything
very complicated. Should there really be a captcha before email is sent?

--
address@concealed (Mail Administrator, Otto J. Makela)
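
One way to run the check suggested above, as an added example that is not part of the original message or of Sympa: count requests per day that reference the password-renewal action in the web server's access log, and compare the daily total with what a per-IP limit would have seen. Assumptions: the front-end web server writes combined-format access logs, the action shows up in the request path as `renewpasswd`, and the `/sympa/` prefix, thresholds and log lines are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Assumption: combined log format; only source IP, day and path are needed.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] "[A-Z]+ (?P<path>\S+)')

def renewpasswd_by_day(lines, action="renewpasswd"):
    """Return {day: {ip: hits}} for requests whose path names the action."""
    days = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE.match(line)
        if m and action in m.group("path"):
            days[m.group("day")][m.group("ip")] += 1
    return days

def suspicious_days(days, daily_limit, per_ip_limit):
    """Report days whose total exceeds daily_limit, and whether any single
    source would have tripped a per-IP limit on that day."""
    report = {}
    for day, per_ip in days.items():
        total = sum(per_ip.values())
        if total > daily_limit:
            report[day] = {
                "total": total,
                "sources": len(per_ip),
                "per_ip_alarm": max(per_ip.values()) > per_ip_limit,
            }
    return report

def sample_log():
    """Constructed log: 12 renewals spread over 6 documentation-range IPs on
    one day, then one renewal and one unrelated request the next day."""
    lines = [
        f'203.0.113.{10 + i % 6} - - [12/Nov/2023:{i:02d}:15:00 +0200] '
        '"POST /sympa/renewpasswd HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'
        for i in range(12)
    ]
    lines.append('198.51.100.7 - - [13/Nov/2023:09:00:00 +0200] '
                 '"POST /sympa/renewpasswd HTTP/1.1" 200 5120 "-" "Mozilla/5.0"')
    lines.append('198.51.100.7 - - [13/Nov/2023:09:01:00 +0200] '
                 '"GET /sympa/lists HTTP/1.1" 200 9000 "-" "Mozilla/5.0"')
    return lines

if __name__ == "__main__":
    days = renewpasswd_by_day(sample_log())
    for day, info in suspicious_days(days, daily_limit=10, per_ip_limit=5).items():
        print(day, info)
```

In the constructed data the daily total crosses the limit while no single source does, which is why a slow campaign like the one described needs an aggregate count rather than a per-IP one.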

