On Thu, Mar 11, 2004 at 11:59:50AM -0500, Caleb Epstein wrote:
> Here is a sample message:
> http://bklyn.org/~cae/mailman-stumper.txt

OK, I've found out a little bit more about the exploit. The
message is sent with an envelope-from (I think that's the right
term) of an actual list subscriber, one who has permission to
post to the list, but the From: header is one of these made-up
official addresses:

From my mail server's logs (subscriber's address mangled):
2004-03-11 16:31:44 1B1T5z-0009zY-00 <= [EMAIL PROTECTED] H=(srr2) [192.168.100.17]
P=smtp S=17730 [EMAIL PROTECTED] from <[EMAIL PROTECTED]> for [EMAIL PROTECTED]
From mailman's "post" log:
Mar 11 16:32:20 2004 (98296) post to announce from [EMAIL PROTECTED], size=2189,
message-id=<[EMAIL PROTECTED]>, success
Any suggestions on how to catch this forgery?
--
Caleb Epstein | bklyn . org | BOFH excuse #260:
cae at | Brooklyn Dust |
bklyn dot org | Bunny Mfg. | We're upgrading /dev/null
------------------------------------------------------
Mailman-Users mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
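
The mismatch described in the post above (subscriber in the envelope sender, made-up address in From:) can be checked mechanically. The following is an added example, not part of the original post and not Mailman's own code; the addresses, the `ALLOWED_POSTERS` set, the sample messages and the function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample data: addresses and list membership are hypothetical.
ALLOWED_POSTERS = {"subscriber@example.org"}

FORGED = """\
From: "Security Team" <security@announce.example.com>
To: announce@lists.example.com
Subject: Important notice
Message-ID: <constructed-1@example.net>

body
"""

GENUINE = FORGED.replace('"Security Team" <security@announce.example.com>',
                         "Sub Scriber <Subscriber@Example.org>")


def normalise(addr):
    """Reduce 'Name <addr>' or '<addr>' to a lower-cased bare address."""
    return parseaddr(addr)[1].strip().lower()


def check_post(envelope_from, raw_message, allowed=ALLOWED_POSTERS):
    """Return (decision, reason) for one incoming post.

    envelope_from is the SMTP MAIL FROM value handed over by the MTA;
    the From: header is read from the message itself.
    """
    msg = message_from_string(raw_message)
    env = normalise(envelope_from)
    hdr = {a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a}
    if not hdr:
        return "hold", "no usable From: header"
    if len(hdr) > 1:
        return "hold", "multiple From: addresses"
    (from_addr,) = hdr
    if from_addr not in allowed:
        return "hold", "From: %s is not an allowed poster" % from_addr
    if env != from_addr:
        return "hold", "envelope sender %s differs from From: %s" % (env, from_addr)
    return "accept", "envelope sender and From: agree"


if __name__ == "__main__":
    for env, raw in [("subscriber@example.org", FORGED),
                     ("subscriber@example.org", GENUINE)]:
        print(check_post(env, raw))
```

The envelope/From: comparison will also hold legitimate mail sent through forwarders or with rewritten bounce addresses, so it suits a hold-for-moderation decision rather than an outright reject.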