[NTG-context] Re: Mail server login broken

On 30 Sep 2024, at 09:27, Taco Hoekwater wrote:

...

On 30 Sep 2024, at 09:15, Hans Åberg wrote:

An anti-spam measure is requiring email confirmation, typically an email sent to the address to be registered with an HTML link that must be opened and confirmed by clicking on a button.

What happens is that a malicious script is submitting a "password reset" form with a valid but unknown to mailman email address. Mailman3 should not respond to those, but it does. The receivers of such password reset reminders get righteously annoyed.

So it seems to be a bug that should be fixed. I have also changed GNU lists, so the question is what they do, or perhaps they have not experienced the problem yet.