On Tue, 2004-02-24 at 12:26, Bastiaan Welmers wrote: > I found an spam vulnarability in mailman public archives. > However (you can choose to) mailaddresses in public archives are spam > protected because @ will be replaced in " at " or " op " in both the txt > and the html files, in the raw mbox file are still being the unprotected email > addresses. > I found this bug by change: after I subscribed a brand-new mailaddress to a > public-archive list, shortly after that I recieved spam. A google search to this > brand-new > mail address brought me to the mbox file where it just stays unprotected.
Look at the new-in-MM2.1.4 PUBLIC_MBOX variable. This is now set to No by default so as to disable access to the mbox file. I actually think it's rare that people need access to this thing, especially because it can get pretty huge. -Barry _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
