I recommend that you front-end your mail servers with something like Spam Assassin. If you really want to be thorough you can use Mailscanner with an anti-virus application that runs on Linux. Mailscanner will then use the local anti-virus application to scan all messages for viruses and then pump the remaining messages through a SpamAssassin filter to look for Spam.
Every place where I've installed SpamAssassin has fallen in love with it. It rapidly moves from being something nice to have, to being a necessity they can't live without. As for the list names being mined for spam, I've found that the biggest worry is the web-enabled archives. Mailman's features can help a little against spam. You can set your lists so that they only accept mail from either a list member or from a user on the local domain. Good Luck - Jon Carnes On Sun, 2003-01-26 at 12:26, Greg Westin wrote: > Hello Mailman folk, > > I work with a group that provides services to student groups at a > university, and we're concerned that a lot of the lists have been > picking up spam lately. The prime suspect, at this point, is Mailman's > publishing of list names. If you can provide any input on how to > alleviate this problem, please let me know. I'm copying below a > message (slightly modified) from one of the more knowledgeable people I > work with: > > --- > My real concern with the behavior of the > listinfo and admin scripts is that they publish the list of lists > not only when invoked without arguments, but also if invoked on a > non-existent list name. Because apache can be configured to reject > outside of ourdomain.edu or wherever requests for > "http://lists.ourdomain.edu/mailman/listinfo", > while still allowing > "http://lists.ourdomain.edu/mailman/listinfo/hcs-discuss", > but what if spammers start generating random list names and sending, > e.g., > "http://lists.ourdomain.edu/mailman/listinfo/sp4m"? No way to > stop such attacks except for Mailman to change its behavior (which > the patched version on lists.ourdomain currently does). > --- > > The patched version he's referring to simply denies access to > /mailman/listinfo (but not to /mailman/listinfo/valid-list-name) to > every request not from our domain. It's an ugly hack, but it's > generally fine because students will almost always be working from a > university computer, except perhaps when home on vacation. > > Thanks for any help. Please reply off-list if you're getting this via > mailman-developers, as I'm not subscribed to that list. I am on > mailman-users, though. > > Greg Westin > -- > http://www.gregwestin.com > Contact info: http://www.gregwestin.com/contact.php > > > ------------------------------------------------------ > Mailman-Users mailing list > [EMAIL PROTECTED] > http://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py > Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ > > This message was sent to: [EMAIL PROTECTED] > Unsubscribe or change your options at > http://mail.python.org/mailman/options/mailman-users/jonc%40nc.rr.com ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: archive@jab.org Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org