Mark Sapiro wrote:
> Matthew Clarkson wrote:
>
>> We have switched half (about 15 so far) of our mailing lists from our
>> majordomo server (with a hypermail based archiving system) to our new
>> mailman server. I have just been notified by my boss that since the
>> start of the switchover (3 weeks ago) he and a few other people have had
>> a dramatic increase in spam based activity on their email accounts.
>
> Have they posted, or are they just members?

They have all posted.

>> I
>> checked to make sure my robots.txt on the webserver root was fine with
>> the following entries
>>
>> User-agent: *
>> Disallow: /pipermail/
>
> Do you really think any spambot is going to honor a robots.txt file?

I was aware that this is quite weak, but I knew that if I didn't mention it, it would have come up in the response to the initial email.

> If you have public archives, at a minimum you need
>
> ARCHIVER_OBSCURES_EMAILADDRS = Yes
>
> This is the default, but have you turned it off in mm_cfg.py? I'm not
> sure how effective the obfuscation is, but it's probably better than
> 'in the clear' addresses.

This is set to obscure addresses (I have not changed any setting, either globally or list-specific, to change this).

>> Also, I verified that all my lists' private_roster settings were set to
>> List members.
>>
>> Can anyone else think of, if it is mailman that is the culprit here, any
>> settings or ways that email harvesters could grab email addresses from a
>> mailman server?
>
> Can a spammer subscribe to your list and get the roster and then
> unsubscribe? I don't know if spammers are sophisticated enough to do
> this automatically, and I doubt they do it manually, but it is a
> possibility unless subscription requires approval or the roster is
> limited to admins.

Yes, this could happen with most of our lists, but I would find it hard to believe (not that it is still not possible) that a spammer would spend his time on doing this for our relatively small (member-wise) lists, especially as soon as we put our mailing lists up on mailman (less than a month ago). This was the setting on our majordomo server for the last 3 years and we did not have this problem at all. I mostly just wanted to verify with the original email I sent that there wasn't a blatant setting I was overlooking which would lead to this.

I am thinking that it's not mailman, but probably another way that these harvesters are getting these email addresses. Thank you very much for your insight and help with this, Mark. I (and I'm sure many others) appreciate all the help you give this list.

--
Matthew Clarkson

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
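
An added example, not part of the original thread and not Mailman project code: a per-list audit of the exposure paths discussed above (public archive, roster visibility, subscription approval). It assumes the input is the settings file written by Mailman 2.1's `bin/config_list -o`, read as literals rather than executed; the function names and the sample list are constructed for illustration.

```python
import ast

def load_settings(source):
    """Read NAME = literal assignments without executing the file."""
    settings = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except ValueError:
                pass  # not a plain literal; skip rather than evaluate
    return settings

def exposure_findings(settings, archiver_obscures=True):
    """List the address-exposure paths from the thread that apply.

    archiver_obscures mirrors the site-wide ARCHIVER_OBSCURES_EMAILADDRS
    value in mm_cfg.py, which is not part of a per-list settings file.
    """
    findings = []
    public_archive = (settings.get("archive", 1)
                      and not settings.get("archive_private", 0))
    if public_archive and not archiver_obscures:
        findings.append("public archive with ARCHIVER_OBSCURES_EMAILADDRS off")
    elif public_archive:
        findings.append("public archive (poster addresses only obscured)")
    # private_roster: 0 = anyone, 1 = list members, 2 = list admin only
    roster = settings.get("private_roster", 1)
    # subscribe_policy: 0 = open, 1 = confirm, 2 = approval, 3 = both
    if roster == 0:
        findings.append("roster visible to anyone")
    elif roster == 1 and settings.get("subscribe_policy", 1) in (0, 1):
        findings.append("roster visible to members and joining needs no approval")
    if roster != 2 and not settings.get("obscure_addresses", 1):
        findings.append("roster shows addresses unobscured")
    return findings

# Constructed sample in the shape of config_list output (not a real list).
SAMPLE = """
real_name = 'example-list'
archive = 1
archive_private = 0
private_roster = 1
subscribe_policy = 1
obscure_addresses = 1
"""

if __name__ == "__main__":
    for finding in exposure_findings(load_settings(SAMPLE)):
        print("example-list:", finding)
```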