At Wed, 18 Jul 2018 21:28:47 -0400 Matt Morgan <minxmertzm...@gmail.com> wrote:
>
> On one of my lists I'm seeing some spam from non-subscribers getting
> through. It appears that the trick is to put a subscriber's address in the
> "real name" of the sender. E.g., this got through, without being held for
> moderation, on a list with generic_nonmember_action = discard (emails of
> the innocent obfuscated):
>
> *From:* "x...@johnxxx.com <j...@johngreenwaltlee.com>" <enrollm...@ekonek.com>
> *Date:* July 18, 2018 at 5:27:24 PM CDT
> *To:* <listn...@server.org <os...@cool.conservation-us.org>>
> *Subject:* *[OSG-l] No. PL-01-17923 AIC Objects Specialty Group Discussion*
> *Reply-To:* My List's Name <listn...@server.org
> <os...@cool.conservation-us.org>>
>
>
> Account Summary:
> ---------------------------
> Invoice No: No. PL-01-17923
> Billing Date: Jul 19, 2018
> Due Date: Jul 22, 2018
> Amount Due: 1,047.48
> Download DOC:

Mailman only checks the From: header and it is trivial to put any random thing
there, even if it is false information. OTOH, the contents of the Received:
headers contain real server names and IP addresses. Very often, the mail is
sent directly to an SMTP server from a random PC or laptop, often from an IP
address without a reverse DNS. I have a filter rule:

    Received: from.*(unknown \[\d+\.\d+\.\d+\.\d+\])

Which catches these sorts of messages. I place them on hold, since *some* people
use e-mail clients that directly connect to SMTP servers from ISP IP addresses
without reverse DNS.

>
> etc. (I'm avoiding sharing the links that follow). x...@johnxxx.com IS a
> subscriber on the list. However enrollm...@ekonek.com is not. Yet this
> message went straight through, as if it had been sent by a subscriber.
>
> I've looked at the archives of mailman-users and it looks like--from a very
> old discussion--that
>
> a) this cheap trick should not be sufficient to allow the message through
> b) the content of the message as delivered to the list may not reflect the
> exact contents/metadata of the message as it was sent.
>
> Still, I don't really know what else could be going on here, or how to
> investigate. Suggestions?
>
> Thanks!
> Matt
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users@python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
>
>

--
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
hel...@deepsoft.com       -- Webhosting Services
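
The two checks discussed in this thread, as an added example that is not part of the original messages and is not Mailman code: it flags a From: display name that carries an address other than the real sender, and applies the Received: rule quoted above to each unfolded Received: header. The function name `hold_reasons`, the `ADDR_IN_NAME` pattern, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Regex quoted in the reply above, applied here to one unfolded Received: line.
NO_RDNS = re.compile(r"Received: from.*(unknown \[\d+\.\d+\.\d+\.\d+\])")
# Loose pattern for an e-mail address sitting inside a display name (assumption).
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def hold_reasons(raw, members):
    """Return reasons to hold a post for moderation; empty list means none."""
    msg = message_from_string(raw)
    reasons = []
    name, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    # The trick from the thread: display name carries somebody else's address.
    for shown in ADDR_IN_NAME.findall(name):
        if shown.lower() != sender:
            kind = "member" if shown.lower() in members else "other"
            reasons.append(f"display-name shows {kind} address, real sender {sender}")
    # Relay hop that the receiving MTA could not reverse-resolve.
    for value in msg.get_all("Received", []):
        line = "Received: " + " ".join(value.split())  # unfold continuation lines
        m = NO_RDNS.search(line)
        if m:
            reasons.append("no reverse DNS: " + m.group(1))
    return reasons

# Constructed sample messages (documentation domains and IP ranges).
MEMBERS = {"alice@example.org"}
SPOOFED = (
    "Received: from pc17 (unknown [203.0.113.7])\n"
    "\tby lists.example.org (Postfix) with ESMTP id 4F2A1\n"
    'From: "alice@example.org" <promo@bulk.example>\n'
    "To: list@lists.example.org\n"
    "Subject: Invoice\n\nbody\n"
)
LEGIT = (
    "Received: from mx.example.org (mx.example.org [198.51.100.5])\n"
    "\tby lists.example.org (Postfix) with ESMTP id 4F2A2\n"
    "From: Alice <alice@example.org>\n"
    "To: list@lists.example.org\n"
    "Subject: Hello\n\nbody\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, hold_reasons(raw, MEMBERS))
```
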