I've seen one recent instance of this as well.
Mailman version - 2.1.11
From the log file:
/usr/local/mailman/logs/post:
Oct 06 08:14:21 2008 (25523) post to aauwnc-list from
[EMAIL PROTECTED], size=7721,
message-id=<[EMAIL PROTECTED]>, success
"[EMAIL PROTECTED]" is not a subscriber (!), and the the
"generic_nonmember_action" is set to "discard".
I sent a support request to MyYearbook.com (which does look like a
valid site -- though with loose rules on encouraging subscribers to
invite others), but haven't heard back.
The headers of the message that got through to the list didn't
include any reference to a subscriber to the list, but a message that
was delivered to my personal mailbox had a "Reply-To" header that
allowed me to track down the subscriber who probably inadvertently
spammed her entire address book with these messages. In other words,
the headers of the message I got outside of Mailman included:
From: myYearbook.com<[EMAIL PROTECTED]>
Subject: Is Barbara Your Friend? Please respond!!
x-mybid: bmFuY3lzaG9lbWFrZXJAbWluZHNwcmluZy5jb20=
To: <my personal address>
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
Reply-To: "Barbara" <a list subscriber's address>
I don't see the "Reply-To" header in the Mailman message (and,
indeed, the message that got through to the list has no way to tell
which Barbara sent it).
I believe this is the expected behavior for mismatched "reply-to" and
"From" headers. Is there any way that such a mismatch could be
considered a flag to be logged (so the real sender could be tracked
down) or to trigger moderation -- with exceptions for "reply to the
list" of course?
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9