Robert Boyd Skipper wrote:
>
> I've been running lists for years, and the filtering has been pretty
> good at blocking posts from non-members.  But recently, there have been
> some leaks, allowing non-member spammers to slip a message onto the
> list.  The first time this happened, it turned out to be due to
> non-alphanumeric characters at the beginning of email addresses in the
> From: field.


I don't know why non-alphanumeric characters in the address would by
themselves cause a non-member post to be accepted.


> So, I made a regex filter that put a stop to that.   But
> now, it has happened again, and I can't see anything unusual about the
> emails.  Has anyone else noticed this happening?
>
> One of those emails that say "Can't see images? Click here!" got
> through.  The subject line reads, "[test] Dear t...@mydomain.org
> Shopping just got a lot    easier!"  (I've substituted dummy names for
> real ones.)  Where you see four spaces in the Subject line, there
> instead appeared a small circle.


The Subject: header has nothing to do with whether or not the post is
accepted.


> The From: field had the name "Doctor
> Joe Smith," but on mouseover, it said "t...@mydomain.org."  Now I've had
> many hundreds of emails that spoofed the name of my list in the past.
> And the program always caught them.  This one got through.  Doctor Joe
> Smith is not a subscriber and his name does not appear in any of the
> non-member filters.


The "real name" in the From: header also has nothing to do with it.


> I've blocked anything that claims to come from "te...@.*" and that seems
> to have stopped it, but I don't think the spoofing explains the problem,
> since mailman had previously blocked about ten posts per day that
> spoofed the listname.   It could be that I've never seen the combination
> of a person's name and the listname in the From: field.  I just don't
> remember.


By default (this can be changed in mm_cfg.py but normally isn't), Mailman
looks at the addresses in From:, Reply-To: and Sender: headers and the
envelope sender address to determine if the post is "from" a list member.


> Any thought?  I saved the email.


The mail received from the list will not reflect the original envelope
sender or Sender: header and may not reflect the original Reply-To:. Thus
it is not completely useful in diagnosing this. If you have access to the
archives/private/LIST.mbox/List.mbox file, the message archived there will
have the original Sender: if any and may have a Return-Path: header
indicating the original envelope sender.

How are you "blocking" mail from "te...@.*"?

What if anything is in the list's accept_these_nonmembers?

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9
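As an added illustration of the diagnosis suggested in the reply above (this is not Mailman's code and not part of the original message): a small script that takes one message as saved in the list's mbox archive, collects every address in the headers the reply names, and reports which of them would have matched a member or an accept_these_nonmembers entry. The sample message, all addresses, the function names, the use of Return-Path: as a stand-in for the envelope sender, and the rule that entries starting with ^ are regexes are assumptions of this sketch.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: one message as it might appear in LIST.mbox (addresses invented).
ARCHIVED = """\
Return-Path: <bounce-77@bulk.example.net>
From: "Doctor Joe Smith" <test@mydomain.example>
Sender: promo@bulk.example.net
Reply-To: member@example.org
Subject: [test] Shopping just got a lot easier!

Can't see images? Click here!
"""

# Headers named in the reply; Return-Path stands in for the envelope sender here.
SENDER_HEADERS = ("From", "Reply-To", "Sender", "Return-Path")


def candidate_senders(msg):
    """Return [(header, address)] for every address a membership test could match."""
    found = []
    for name in SENDER_HEADERS:
        for _, addr in getaddresses(msg.get_all(name, [])):
            if addr:
                found.append((name, addr.lower()))
    return found


def explain_acceptance(raw, members, accept_these_nonmembers=()):
    """List (header, address, reason) for each address that would let the post through.

    `members` is a set of lower-cased member addresses.
    """
    hits = []
    for header, addr in candidate_senders(message_from_string(raw)):
        if addr in members:
            hits.append((header, addr, "member"))
            continue
        for entry in accept_these_nonmembers:
            # Assumption: entries starting with ^ are regexes, others literal addresses.
            if (entry.startswith("^") and re.search(entry, addr, re.I)) or entry.lower() == addr:
                hits.append((header, addr, "accept_these_nonmembers: " + entry))
                break
    return hits


if __name__ == "__main__":
    for hit in explain_acceptance(ARCHIVED, {"member@example.org"}, ["^.*@partner\\.example$"]):
        print(hit)
```

In the constructed sample the From: address is not a member, but the Reply-To: address is, so the only hit reported is the Reply-To: header.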
