Hiya, I run a discussion list using Mailman 2.1 for a small open-source project. Recently, there was a security vulnerability discussed on my list and shortly after it was brought to light, several users of my list were attacked by a cracker through this security issue. I believe that the attacker saw the posts on our list (in the public archives or he could even be subscribed) and used that information to attack our users, and that he gained their IP addresses through the headers of their posts to the list.
I have this option enabled: (Hide the sender of a message, replacing it with the list address (Removes From, Sender and Reply-To fields)), but when the user sends email, it still shows it as originating from their personal computer. I need a way to protect this information (their IP address, etc) so that it looks like the messages are just coming from my Mailman server instead. Since there are several users on my list who are running my software and posting to the list from the same server, I need to be able to protect them - otherwise, we will not be able to safely discuss issues such as security concerns again. If anybody can help me with this, I'd greatly appreciate it. Thanks! Sean B ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
