Thank you, Mark. Even though this list is set to be anonymous, I was able to obtain the original sender's email address from the mbox file, as you suggested. It appears that a hacker spoofed a legitimate member email.
Ted

-----Original Message-----
From: Mark Sapiro [mailto:[email protected]]
Sent: Monday, April 12, 2010 4:08 PM
To: Fitzpatrick, Ted; [email protected]
Subject: Re: [Mailman-Users] Email from Listname

Fitzpatrick, Ted wrote:
>
>A hacker recently broadcast email to a discussion list by setting the "from:"
>header to be the name of the list, e.g.,
>[email protected]<mailto:[email protected]>
>
>What's the best way to resolve this issue? If I block incoming email from this
>address, will that interfere with Mailman's normal operations?

The real question is why was this message accepted? What is the list setting for generic_nonmember_action? What is in accept_these_nonmembers?

The listname itself should not be a member of the list, thus a post From: listname would normally be a non-member post unless there was also a Reply-To: or Sender: header with a list member address or the envelope sender address was a list member.

Find the message in Mailman's archives/private/LISTNAME.mbox/LISTNAME.mbox file. This will show you the original envelope sender in the "From " separator. Assuming the list is not anonymous, it will also have the original Sender: header if any and if the list doesn't mung Reply-To: it will have the original Reply-To: if any.

Hopefully that information will enable you to see why the post was accepted.

--
Mark Sapiro <[email protected]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

------------------------------------------------------
Mailman-Users mailing list [email protected]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
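The mbox lookup described in the thread, as an added example that is not part of the original messages or of Mailman's code: it reads an archive with Python's standard `mailbox` module and reports, for each post, which of the envelope sender ("From " separator), From:, Sender: and Reply-To: carries a member address. The sample archive, the addresses, the `MEMBERS` roster and the function names are constructed for illustration.

```python
import mailbox
import os
import tempfile
from email.utils import getaddresses

# Constructed sample archive (not real list data): both posts claim to be
# From: the list address; each carries a member address somewhere else.
SAMPLE_MBOX = (
    "From member@example.org Mon Apr 12 10:00:00 2010\n"
    "From: listname@lists.example.org\n"
    "Message-ID: <constructed-1@example.org>\n"
    "\nbody one\n\n"
    "From stranger@example.net Mon Apr 12 11:00:00 2010\n"
    "From: listname@lists.example.org\n"
    "Reply-To: member@example.org\n"
    "Message-ID: <constructed-2@example.net>\n"
    "\nbody two\n"
)
MEMBERS = {"member@example.org"}  # hypothetical roster, lower-cased


def sender_candidates(msg):
    """Map each place a sender address can appear to the addresses found."""
    parts = (msg.get_from() or "").split()
    found = {"envelope": [parts[0].lower()] if parts else []}
    for header in ("From", "Sender", "Reply-To"):
        pairs = getaddresses(msg.get_all(header, []))
        found[header] = [addr.lower() for _, addr in pairs if addr]
    return found


def explain_acceptance(mbox_path, members):
    """Return (Message-ID, sources matching a member) per archived post."""
    box = mailbox.mbox(mbox_path, create=False)
    try:
        return [(msg.get("Message-ID"),
                 sorted(src for src, addrs in sender_candidates(msg).items()
                        if members.intersection(addrs)))
                for msg in box]
    finally:
        box.close()


def run_sample():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "LISTNAME.mbox")
        with open(path, "w") as fh:
            fh.write(SAMPLE_MBOX)
        return explain_acceptance(path, MEMBERS)
```

To check a real archive, call `explain_acceptance()` with the path to the list's mbox file and the list's member addresses in lower case.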
