On 01/26/09 21:13, Brad Knowles wrote:
Even if they were infected with malware, those programs could easily use
a different outbound route than the normal mail sent by that person. So,
such a test might turn up something interesting, but then again it
doesn't prove anything if it doesn't.
Steve Lindemann wrote:
Lindsay Haisley wrote:
Is it possible that the list mod or admin password got out? I believe
than anyone can post to a moderated list by putting an Approved:
password header or pseudo-header in a post.
I'm on one of the lists that accepted the message (which is how it
Mark Sapiro wrote:
Steve Lindemann wrote:
Lindsay Haisley wrote:
Is it possible that the list mod or admin password got out? I believe
than anyone can post to a moderated list by putting an Approved:
password header or pseudo-header in a post.
I'm on one of the lists that accepted the
Steve Lindemann wrote:
Mark Sapiro wrote:
All the headers of the spam post. In a default installation, if any of
From:, Reply-To: or Sender: headers or the envelope sender as
reflected in the Unix From or Return-Path: header contains a member
address, the post will be deemed from that member.
Mark Sapiro wrote:
Right. That's why you have to look at the raw archive mbox file (not
the html archive or the periodic .txt or .txt.gz file). That's the
only place that will have the original envelope sender in the From
separator and the original Sender:.
Thanks! Got it! They spoofed a
On Mon, 2009-01-26 at 15:26 -0700, Steve Lindemann wrote:
Thanks! Got it! They spoofed a legitimate list member on the
Return-Path:, which also showed up on the first (From ) message header
line.
Both of these reflect the envelope sender address used in the SMTP
dialog with the mail server.
On 01/26/09 16:26, Steve Lindemann wrote:
Thanks! Got it! They spoofed a legitimate list member on the
Return-Path:, which also showed up on the first (From ) message header
line. The From:, Reply-To: reflected the purported spammer and there
was no Sender: in the raw mbox file. The good
On 01/26/09 16:38, Lindsay Haisley wrote:
Both of these reflect the envelope sender address used in the SMTP
dialog with the mail server.
*nod*
You can restrict the set of headers used to identify subscribers
using the SENDER_HEADERS variable in mm_cfg.py, as Mark indicated.
By default (in
On Mon, 2009-01-26 at 16:49 -0600, Grant Taylor wrote:
Is there a way that we can require some of these things (if they exist)
to match each other? I.e. to require the 'from' and the 'reply-to' to
match?
This might not be such a good idea. A Reply-To header is optional is
generally used if
On 01/26/09 16:49, Taylor, Grant wrote:
Is there a way that we can require some of these things (if they exist)
to match each other? I.e. to require the 'from' and the 'reply-to' to
match?
Ugh! It's been a *LONG* day. ... I.e. to require the 'from' and the
'return-path'
Grant. .
-- Forwarded message --
From: Steve Lindemann st...@marmot.org
To: mailman-users@python.org
Date: Mon, 26 Jan 2009 15:26:53 -0700
Subject: Re: [Mailman-Users] non-subscriber managed to post to a
subscriberonly list
Mark Sapiro wrote:
Right. That's why you have to look at the raw archive
on 1/26/09 4:49 PM, Grant Taylor said:
I would be willing to bet that the spoofed member is really the source
of the message. I would not be at all surprised if that members
computer has malware on it that sent the email (after harvesting it from
the address book) via the default email
12 matches
Mail list logo