On 5 May 2004, at 09:28, Bob Bowers wrote:

> In my community last week, someone gained access to a mail list with hundreds of subscribers by mimicking an email address authorized to post to the list (moderation bit set OFF). In such a case, moderator approval was not required. What resulted was that a worm of the W32Beagle variety was sent to many hundreds of subscribers. I have changed all my mail lists to require active moderation of all posts (moderation bits are ON for all subscribers), and automatic rejection of all posts from non-members.
>
> It appears that it was just a matter of time for someone with ill intent to figure out that the "from" address in a message from a mail list might represent access to the mail list for mischief. It would not appear accidental that a virus or worm operating on some unsuspecting individual's computer accidentally sent itself to the posting address of a mail list as well as from an authorized email address. It is more likely that it was deliberate.

I doubt that the virus writer was targeting mailing lists in this considered fashion; to them, a mail alias is just a mail alias.


I understand these virus types use the MUA address book on machines they infect as a source of mail addresses to send their progeny on to. One of your list's subscribers was probably the source of the infected message and your list's address just one of a number pillaged from that user's address book as destinations by a promiscuous virus.

In my view, running effective virus (and spam) filtering on your incoming MTA is the secret of happiness. It keeps viruses away from both your lists' and your real users' mail aliases, and it means you do not have to moderate everything if the virus-loaded messages are being silently dropped in the bit bucket by the MTA.
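
Added example, not part of the original message and not Mailman or MTA code: a sketch of why a content check at the MTA catches what the list's From: test cannot. The addresses, the extension and type lists, and all function names are assumptions made for this illustration, and the sample messages are constructed with harmless placeholder bytes.

```python
import email
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Hypothetical policy values for this example, not Mailman settings.
AUTHORIZED_POSTERS = {"alice@example.org"}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".cpl"}
BLOCKED_TYPES = {"application/x-msdownload", "application/x-msdos-program"}

def from_check(raw_bytes):
    """The list-side test: does the From: header name an authorized poster?
    The header is sender-supplied text, so this proves nothing about origin."""
    msg = email.message_from_bytes(raw_bytes)
    return parseaddr(msg.get("From", ""))[1].lower() in AUTHORIZED_POSTERS

def risky_parts(msg):
    """Return one refusal reason per MIME part that violates the policy."""
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        # Check every dotted suffix so "photo.jpg.scr" is caught.
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        bad = [s for s in suffixes if s in BLOCKED_EXTENSIONS]
        if bad:
            reasons.append(f"{name}: blocked extension {bad[-1]}")
        elif part.get_content_type() in BLOCKED_TYPES:
            reasons.append(f"{name or '(unnamed)'}: blocked type {part.get_content_type()}")
    return reasons

def mta_verdict(raw_bytes):
    """Content decision taken before the message reaches any list alias."""
    reasons = risky_parts(email.message_from_bytes(raw_bytes))
    return ("reject", reasons) if reasons else ("accept", [])

def build_sample(sender, filename=None):
    """Constructed test message; the attachment is placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "list@example.org", "hello"
    m.set_content("see attached")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    forged = build_sample("Alice <alice@example.org>", "photo.jpg.scr")
    print("From check passes:", from_check(forged))
    print("MTA verdict:", mta_verdict(forged))
```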


------------------------------------------------------
Mailman-Users mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/