Mark: Thanks again. This is greatly helpful. I'll look into all of these suggestions today. It turns out that emails beginning with a hyphen also get through. So I'm supplementing a filter for an initial underscore with a filter for an initial \W as well. Until I know the exact parameter of the hole in mailman, I'd rather delay some legitimate posts than let through any more spam.
Skipper Mark Sapiro wrote: > Robert Boyd Skipper wrote: >> Thank you for this information. The headers don't seem to be the problem, >> as they >> contain non-member emails. I don't have direct access to the mm_cfg.py >> file, and I >> can't find a user_envelope_sender in the web-based administration pages. So >> I haven't >> checked into that. > > > Here's something you can try. Since you don't have access to mm_cfg.py, > I assume you don't have direct access to > archives/private/listname.mbox/listname.mbox either, but you can get > it from the web (if it's not too humongous) with a URL like > <http://www.example.com/mailman/private/listname.mbox/listname.mbox>. > If you find the message(s) there, the initial "From " line and the > Return-Path:, if any, have the envelope sender. Then, the Reply-To: > and Sender: if any will be as in the original post, assuming your list > isn't anonymous and doesn't mung the Reply-To: > > >> However, I do have one more fact that may be relevant. I just received >> another spam >> posting that got through. It and the previous one both have emails that >> begin with an >> underscore: [EMAIL PROTECTED] and [EMAIL PROTECTED] >> So, as a possible quick fix, I've set the Spam filter rule 1 to the following >> >> from: [EMAIL PROTECTED] >> >> Maybe this will work? > > > It should, assuming there's no 'real name' between From: and the > address and the address isn't in <>. I woul be inclined to try > something along the lines of > > ^from:.*[ <]_[^<> [EMAIL PROTECTED] > > If you give this rule a Hold action, then you can see the original held > message with the original incoming headers intact. You will even see > the presence of an Approved: header or body line if any, although this > isn't likely to be the reason the message gets through as it requires > the list's admin or moderator password. > -- Robert Boyd Skipper P.O. Box 593 Wimberley, TX 78676 ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
