Set the mm_cfg.py and see Default.py for this info:
# The envelope sender is set by the SMTP delivery and is thus less easily # spoofed than the sender, which is typically just taken from the From: header # and thus easily spoofed by the end-user. However, sometimes the envelope # sender isn't set correctly and this will manifest itself by postings being # held for approval even if they appear to come from a list member. If you # are having this problem, set this variable to No, but understand that some # spoofed messages may get through. USE_ENVELOPE_SENDER = No MAKE YES! This will help block some of your problem - unauthorized posts. The virus checker still goes. ----- Original Message --------------- >Return-path: <[EMAIL PROTECTED]> >Received: from mail.python.org (mail.python.org [12.155.117.29]) > by spf6.us4.outblaze.com (Postfix) with ESMTP id 3D823539AA > for <[EMAIL PROTECTED]>; Wed, 5 May 2004 09:31:55 +0000 (GMT) >Received: from localhost.localdomain ([127.0.0.1] helo=mail.python.org) > by mail.python.org with esmtp (Exim 4.22) > id 1BLIqm-0005AH-BH; Wed, 05 May 2004 05:38:00 -0400 >Received: from ext-proxy-1.ftel.co.uk ([192.65.220.99]) > by mail.python.org with esmtp (Exim 4.22) id 1BLIqc-00054C-Ex > for [EMAIL PROTECTED]; Wed, 05 May 2004 05:37:50 -0400 >Received: from utility-2.ftel.co.uk (utility-2.ftel.co.uk [193.112.172.11]) > by ext-proxy-1.ftel.co.uk > (8.12.10/8.12.9/Revision:1.91/relay-in/ssl/db) with ESMTP id > i459baXi019160; Wed, 5 May 2004 10:37:40 +0100 >Received: from [172.16.3.104] (barrett-mac.ftel.co.uk [172.16.3.104]) > by utility-2.ftel.co.uk (8.12.9+Sun/8.12.9/Revision:1.90/db) with ESMTP > id i459bQEp012506; Wed, 5 May 2004 10:37:29 +0100 (BST) >In-Reply-To: <[EMAIL PROTECTED]> >References: <[EMAIL PROTECTED]> >Mime-Version: 1.0 (Apple Message framework v613) >Content-Type: text/plain; charset=US-ASCII; format=flowed >Message-Id: <[EMAIL PROTECTED]> >Content-Transfer-Encoding: 7bit >From: Richard Barrett <[EMAIL PROTECTED]> >Subject: Re: [Mailman-Users] Mail Lists, > Authorized Posters and Virus/Worm Access >Date: Wed, 5 May 2004 10:37:21 +0100 >To: Bob Bowers <[EMAIL PROTECTED]> >X-Mailer: Apple Mail (2.613) >X-Virus-Scanned: by amavisd-milter (http://amavis.org/) >X-Spam-Status: OK (lists-mailman 0.000) >Cc: [EMAIL PROTECTED] >X-BeenThere: [EMAIL PROTECTED] >X-Mailman-Version: 2.1.5c2 >Precedence: list >List-Id: Mailman mailing list management users <mailman-users.python.org> >List-Unsubscribe: <http://mail.python.org/mailman/listinfo/mailman-users>, > <mailto:[EMAIL PROTECTED]> >List-Archive: <http://mail.python.org/pipermail/mailman-users> >List-Post: <mailto:[EMAIL PROTECTED]> >List-Help: <mailto:[EMAIL PROTECTED]> >List-Subscribe: <http://mail.python.org/mailman/listinfo/mailman-users>, > <mailto:[EMAIL PROTECTED]> >Sender: [EMAIL PROTECTED] >Errors-To: [EMAIL PROTECTED] > >On 5 May 2004, at 09:28, Bob Bowers wrote: > >> In my community last week, someone gained access to a mail list with >> hundreds of subscribers by mimicking an email address authorized to >> post to the list (moderation bit set OFF). In such a case, moderator >> approval was not required. What resulted was that a worm of the >> W32Beagle variety was sent to many hundreds of subscribers. I have >> changed all my mail lists to require active moderation of all posts >> (moderation bits are ON for all subscribers), and automatic rejection >> of all posts from non-members. >> >> It appears that it was just a matter of time for someone with ill >> intent to figure out that the "from" address in a message from a mail >> list might represent access to the mail list for mischief. It would >> not appear accidental that a virus or worm operating on some >> unsuspecting individual's computer accidentally sent itself to the >> posting address of a mail list as well as from an authorized email >> address. It is more likely that it was deliberate. > >I doubt that the virus writer was targeting mailing lists in this >considered fashion; to them, a mail alias is just a mail alias. > >I understand these virus types use the MUA address book on machines it >infects as a source of mail address to send its progeny on to. One of >your list's subscribers was probably the source of the infected message >and your list's address just one of a number pillaged from that user's >address book as destinations by a promiscuous virus. > >In my view, running effective virus (and spam) filtering on your >incoming MTA is the secret of happiness. It keeps viruses away from >your both your lists' and your real users' mail aliases, and it means >you do not have to moderate everything if the virus loaded messages are >being silently dropped in the bit bucket by the MTA. > > >------------------------------------------------------ >Mailman-Users mailing list >[EMAIL PROTECTED] >http://mail.python.org/mailman/listinfo/mailman-users >Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py >Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ > ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/