On 01/26/09 21:13, Brad Knowles wrote:
Even if they were infected with malware, those programs could easily use
a different outbound route than the normal mail sent by that person. So,
such a test might turn up something interesting, but then again it
doesn't prove anything if it doesn't.
Agr
on 1/26/09 4:49 PM, Grant Taylor said:
I would be willing to bet that the spoofed member is really the source
of the message. I would not be at all surprised if that members
computer has malware on it that sent the email (after harvesting it from
the address book) via the default email client
n a couple of
recipients.
rac
> -- Forwarded message --
> From: Steve Lindemann
> To: mailman-users@python.org
> Date: Mon, 26 Jan 2009 15:26:53 -0700
> Subject: Re: [Mailman-Users] non-subscriber managed to post to a
> subscriberonly list
> Mark Sapiro wrote:
>>
>
On 01/26/09 16:49, Taylor, Grant wrote:
Is there a way that we can require some of these things (if they exist)
to match each other? I.e. to require the 'from' and the 'reply-to' to
match?
Ugh! It's been a *LONG* day. "... I.e. to require the 'from' and the
'return-path' ...".
Grant. .
On Mon, 2009-01-26 at 16:49 -0600, Grant Taylor wrote:
> Is there a way that we can require some of these things (if they exist)
> to match each other? I.e. to require the 'from' and the 'reply-to' to
> match?
This might not be such a good idea. A "Reply-To" header is optional is
generally use
On 01/26/09 16:38, Lindsay Haisley wrote:
Both of these reflect the envelope sender address used in the SMTP
dialog with the mail server.
*nod*
You can restrict the set of headers used to identify subscribers
using the SENDER_HEADERS variable in mm_cfg.py, as Mark indicated.
By default (in
On 01/26/09 16:26, Steve Lindemann wrote:
Thanks! Got it! They spoofed a legitimate list member on the
Return-Path:, which also showed up on the first ("From ") message header
line. The From:, Reply-To: reflected the purported spammer and there
was no Sender: in the raw mbox file. The good n
On Mon, 2009-01-26 at 15:26 -0700, Steve Lindemann wrote:
> Thanks! Got it! They spoofed a legitimate list member on the
> Return-Path:, which also showed up on the first ("From ") message header
> line.
Both of these reflect the envelope sender address used in the SMTP
dialog with the mail ser
Mark Sapiro wrote:
Right. That's why you have to look at the raw archive mbox file (not
the html archive or the periodic .txt or .txt.gz file). That's the
only place that will have the original envelope sender in the "From "
separator and the original Sender:.
Thanks! Got it! They spoofed a l
Steve Lindemann wrote:
>Mark Sapiro wrote:
>> All the headers of the spam post. In a default installation, if any of
>> From:, Reply-To: or Sender: headers or the envelope sender as
>> reflected in the Unix From or Return-Path: header contains a member
>> address, the post will be deemed from that
Mark Sapiro wrote:
Steve Lindemann wrote:
Lindsay Haisley wrote:
Is it possible that the list mod or admin password got out? I believe
than anyone can post to a moderated list by putting an "Approved:
" header or pseudo-header in a post.
>>
I'm on one of the lists that accepted the message (w
Steve Lindemann wrote:
>Lindsay Haisley wrote:
>> Is it possible that the list mod or admin password got out? I believe
>> than anyone can post to a moderated list by putting an "Approved:
>> " header or pseudo-header in a post.
>
>I'm on one of the lists that accepted the message (which is how i
12 matches
Mail list logo