On 01/26/09 16:26, Steve Lindemann wrote:
Thanks! Got it! They spoofed a legitimate list member on the Return-Path:, which also showed up on the first ("From ") message header line. The From:, Reply-To: reflected the purported spammer and there was no Sender: in the raw mbox file. The good news is that there was no Approved: or Approve: but we're changing passwords anyway.
I would be willing to bet that the spoofed member is really the source of the message. I would not be at all surprised if that members computer has malware on it that sent the email (after harvesting it from the address book) via the default email client and thus the list members ISP.
I think it would be worth asking the member to send an email to you (or reply to a request) and compare the headers. If the headers are almost identical, I'd ask them to run a virus and malware scanner on their computer. I'd ask even stronger if all the spam messages that came in came from that same system.
Grant. . . . ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
