On 09/25/2017 03:49 AM, Ralf Hildebrandt wrote:
> Recent phishing mails are targeting mailing-lists -- and do pass.
>
> From our logs:
> Sep 25 12:10:41 2017 (1940) post to rundmail-it from
> [email protected], size=4760,
> message-id=<[email protected]>, success
>
> But the headers of the mail that was automatically passed (since
> [email protected] is a member) was:
>
> From: "Sabishi.Meister@" <charite.de [email protected]>
A post is considered to be from a list member if any of the headers in
the Defaults.py/mm_cfg.py SENDER_HEADERS setting contains a member
address. The default setting is
SENDER_HEADERS = ('from', None, 'reply-to', 'sender')
(None means the envelope sender). Assuming you have the default setting,
the [email protected] address was either the envelope sender or
in Reply-To: or Sender:.
You could set
SENDER_HEADERS = ('from',)
in mm_cfg.py to test only the From: for list membership.
--
Mark Sapiro <[email protected]> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list [email protected]
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
