Ok I have a set of problems here..
First, posting to the list using Approved: header as the first line of the message body did not work becasue I'm sending formatted messages using Microsoft outlook with tables n stuff .. Second, I tried the following: keep an email address as non moderated to be able to post to the list and in General options, I turned the option : Hide the sender of a message, replacing it with the list address = YES this way hackers n spammers won't know which address is allowed to post but now the subscribers are recieving From: listn...@mydomain.com and not from: 'My web site's Name' which is annoying.. Third, I can't afford to turn everyone's moderation bit on even my own address and then approve the messages using the web interface for 2 reasons: 1- I have 7 lists which is a real pain to log into each one of them and approve the messages.. 2- I'm afraid to approve one of the tens of spam and members messages by mistake .. what's the advice?? Thanks .. > Date: Wed, 27 May 2009 16:39:28 -0700 > From: m...@msapiro.net > To: jeff...@goldmark.org; khillo...@hotmail.com > CC: mailman-users@python.org > Subject: Re: [Mailman-Users] my mailman has been hacked !! > > Jeffrey Goldberg wrote: > > >On May 27, 2009, at 1:23 PM, Khalil Abbas wrote: > > > >> all members are moderated, except my own email address > >> (m...@email.com) which I use to post to the list .. > > > >> someone sent from my address > > > > > >> the 'From' name is not me, > > > >Please clarify. Did the From line contain your email address (m...@email.com > >) or not? You seem to be saying two different things. > > > >If, as I suspect, someone is merely forging your address to post to > >the list, there are two things that you can do (I would recommend that > >you do (1) as an immediate and temporary measure, until you can get > >(2) in place). > > > >(1) Moderate even your own postings, so that your list moderator > >password is required to post, even if "from" your own address. > > > >(2) Improve the spam/virus filtering on your mailserver. A forged > >message from an open relay containing a virus should have been stopped > >by your mail system long before it reached mailman. > > > Two comments in addition to the above good advice. > > 1) Almost anyone can spoof your address in the From: of an email. This > does not require an open relay server or anything fancy. Almost any > MUA can do it. > > 2) That is why for announce lists we recommend moderating everyone and > if you want to avoid moderation when posting, use an Approved: header > to bypass moderation. See the FAQs at <http://wiki.list.org/x/3YA9> > and <http://wiki.list.org/x/XIA9>. > > -- > Mark Sapiro <m...@msapiro.net> The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > _________________________________________________________________ Windows Liveā¢: Keep your life in sync. Check it out! http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t1_allup_explore_012009 ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9