Matthew Clarkson wrote: >We have switched half (about 15 so far) of our mailing lists from our >majordomo server (with a hypermail based archiving system) to our new >mailman server. I have just been notified by my boss that since the >start of the switchover (3 weeks ago) he and a few other people have had >a dramatic increase in spam based activity on their email accounts.
Have they posted, or are they just members? >I >checked to make sure my robots.txt on the webserver root was fine with >the following entries > >User-agent: * >Disallow: /pipermail/ Do you really think any spambot is going to honor a robots.txt file? If you have public archives, at a minimum you need ARCHIVER_OBSCURES_EMAILADDRS = Yes This is the default, but have you turned it off in mm_cfg.py? I'm not sure how effective the obfuscation is, but it's probably better than 'in the clear' addresses. >Also, I verified that all my lists private_roster settings were set to >List members. > >Can anyone else think of, if it is mailman that is the culprit here, any >settings or ways that email harvesters could grab email addresses from a >mailman server? Can a spammer subscribe to your list and get the roster and then unsubscribe? I don't know if spammers are sophisticated enough to do this automatically, and I doubt they do it manually, but it is a possibility unless subscription requires approval or the roster is limited to admins. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
