On Thu, 2004-03-11 at 17:28, Caleb Epstein wrote: > On Thu, Mar 11, 2004 at 11:59:50AM -0500, Caleb Epstein wrote: > OK, I've found out a little bit more about the exploit. The > message is sent with an envelope-from (I think thats the right > term) of an actual list subscriber, one who has permission to > post to the list, but the From: header is one of these made-up > official addresss: <snip> > Any suggestions on how to catch this forgery?
This type of forgery is usually best handled at the MTA level, I've setup Postfix to reject mail which appears to originate locally, but is being received from somewhere else, You don't say what MTA you're using, but I'm sure there is similar functionality available. Secondly, all mail to my lists is first sent to a content filter (in my case, amavis-new) for analysis, which uses SA/clamd to catch most spam and virii, which means that such mail is stopped before it ever reaches Mailman. HTH -j -- -jamie <[EMAIL PROTECTED]> | spamtrap: [EMAIL PROTECTED] w: http://silverdream.org | p: [EMAIL PROTECTED] pgp key @ http://silverdream.org/~jps/pub.key 17:30:01 up 8 days, 2:50, 11 users, load average: 1.11, 0.90, 0.70
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/