Mark:
Thank you for this info. I'll see if I have access to
archives/private/LIST.mbox/List.mbox.
To answer your question, I made a mistake in the regex (it's been years
since messing with those little darlings). I actually blocked the
spoofed email by putting "t...@mydomain.org" in the "discard these
non-members" list. Since I have also been getting emails from
"t...@otherdomain.com" I thought I would just discard everything with a
username the same as my (pretty unique) listname. But I see now that I
got that regex wrong.
I don't understand how non-alphanumeric characters made a difference,
either, but they did. Emails containing such characters were not in
general a problem, but if they started with a '_' or a '-' or something
of the sort, mailman would simply let them through. When I put the
following regexes into the spam filter rule 1, the problem stopped:
from: _...@.*
from: -...@.*
and then, later, just in case, I added
from: \...@.*
Skipper
Mark Sapiro wrote:
Robert Boyd Skipper wrote:
I've been running lists for years, and the filtering has been pretty
good at blocking posts from non-members. But recently, there have been
some leaks, allowing non-member spammers to slip a message onto the
list. The first time this happened, it turned out to be due to
non-alphanumeric characters at the beginning of email addresses in the
From: field.
I don't know why non-alphanumeric characters in the address would by
themselves cause a non-member post to be accepted.
So, I made a regex filter that put a stop to that. But
now, it has happened again, and I can't see anything unusual about the
emails. Has anyone else noticed this happening?
One of those emails that say "Can't see images? Click here!" got
through. The subject line reads, "[test] Dear t...@mydomain.org
Shopping just got a lot easier!" (I've substituted dummy names for
real ones.) Where you see four spaces in the Subject line, there
instead appeared a small circle.
The Subject: header has nothing to do with whether or not the post is
accepted.
The From: field had the name "Doctor
Joe Smith," but on mouseover, it said "t...@mydomain.org." Now I've had
many hundreds of emails that spoofed the name of my list in the past.
And the program always caught them. This one got through. Doctor Joe
Smith is not a subscriber and his name does not appear in any of the
non-member filters.
The "real name" in the From: header also has nothing to do with it.
I've blocked anything that claims to come from "te...@.*" and that seems
to have stopped it, but I don't think the spoofing explains the problem,
since mailman had previously blocked about ten posts per day that
spoofed the listname. It could be that I've never seen the combination
of a person's name and the listname in the From: field. I just don't
remember.
By default (this can be changed in mm_cfg.py but normally isn't), Mailman
looks at the addresses in From:, Reply-To: and Sender: headers and the
envelope sender address to determine if the post is "from" a list member.
Any thought? I saved the email.
The mail received from the list will not reflect the original envelope
sender or Sender: header and may not reflect the original Reply-To:. Thus
it is not completely useful in diagnosing this. If you have access to the
archives/private/LIST.mbox/List.mbox file, the message archived there will
have the original Sender: if any and may have a Return-Path: header
indicating the original envelope sender.
How are you "blocking" mail from "te...@.*"?
What if anything is in the list's accept_these_nonmembers?
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9
