FAQ
I'm sorry, I'm just not sure what the best subject line would be for
this... 8^( I'm sure this has been going on for ages, but it's only
just recently been brought to my attention.

The problem - when the list email address is (spoofed) in the From: line
(as well as being on the To: line) the message posts to the list. The
ability to post to the list is supposed to be restricted to only list
members. The list address is not in the list of list members.

Is this normal? I checked the config and there did see anything to
allow this behavior there. Is the list email address automatically
considered to be a member of the list? I can always block it in
"privacy options->sender filters", but should that even be necessary? Help!

I checked what documentation I can find and couldn't find any mention of
this behaviour. I didn't have a clue how to look for it in the FAQ so I
settled for reading the index and didn't see anything resembling this
there either.
--
Steve Lindemann __
Network Administrator //\\ ASCII Ribbon Campaign
Marmot Library Network, Inc. \\// against HTML/RTF email,
url: http://www.marmot.org //\\ vCards & M$ attachments
email: mailto:steve at marmot.org
voice: +1.970.242.3331 ext 116
fax: +1.970.245.7854

Search Discussions

  • Dragon at Apr 3, 2008 at 7:41 pm
    Steve Lindemann sent the message below at 12:18 4/3/2008:
    I'm sorry, I'm just not sure what the best subject line would be for
    this... 8^( I'm sure this has been going on for ages, but it's only
    just recently been brought to my attention.

    The problem - when the list email address is (spoofed) in the From: line
    (as well as being on the To: line) the message posts to the list. The
    ability to post to the list is supposed to be restricted to only list
    members. The list address is not in the list of list members.

    Is this normal? I checked the config and there did see anything to
    allow this behavior there. Is the list email address automatically
    considered to be a member of the list? I can always block it in
    "privacy options->sender filters", but should that even be necessary? Help!

    I checked what documentation I can find and couldn't find any mention of
    this behaviour. I didn't have a clue how to look for it in the FAQ so I
    settled for reading the index and didn't see anything resembling this
    there either.
    ---------------- End original message. ---------------------

    This seemed rather strange to me too so I decided to test it on my
    server. I have 2.1.10b3 installed from source on a Redhat machine. My
    list is configured for posts from non-members to be discarded.

    I sent a message to one of my lists using the list address in the
    From: header. The message was discarded as I expected it would be and
    I confirmed this by an entry in the vette log.

    So it works on my installation as I expect it would. The question now
    is, what is the difference between my source install and your
    installation. Are you using a cPanel or Plesk version, or a version
    installed from somebody else's package maybe through yum or something similar?

    Are you certain that the message was distributed via the list?

    Is it in the list archive?

    Can you match the message ID to one in the post log?

    If you can see it in the archive and post log then it did get
    processed through mailman. If not, perhaps it was BCC'ed to your
    address or there is something else going on with your MTA.

    Dragon

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • Steve Lindemann at Apr 3, 2008 at 9:43 pm

    Dragon wrote:
    Steve Lindemann sent the message below at 12:18 4/3/2008:
    The problem - when the list email address is (spoofed) in the From: line
    (as well as being on the To: line) the message posts to the list. The
    ability to post to the list is supposed to be restricted to only list
    members. The list address is not in the list of list members.

    Is this normal? I checked the config and there did see anything to
    allow this behavior there. Is the list email address automatically
    considered to be a member of the list? I can always block it in
    "privacy options->sender filters", but should that even be necessary? Help!
    ---------------- End original message. ---------------------

    This seemed rather strange to me too so I decided to test it on my
    server. I have 2.1.10b3 installed from source on a Redhat machine. My
    list is configured for posts from non-members to be discarded.

    I sent a message to one of my lists using the list address in the
    From: header. The message was discarded as I expected it would be and
    I confirmed this by an entry in the vette log.

    So it works on my installation as I expect it would. The question now
    is, what is the difference between my source install and your
    installation. Are you using a cPanel or Plesk version, or a version
    installed from somebody else's package maybe through yum or something similar?

    Are you certain that the message was distributed via the list?

    Is it in the list archive?

    Can you match the message ID to one in the post log?

    If you can see it in the archive and post log then it did get
    processed through mailman. If not, perhaps it was BCC'ed to your
    address or there is something else going on with your MTA.

    Dragon
    I'm running version 2.1.9, installed from a tarball on a Dell server
    running CentOS 5. I administer from the command line and thru the web
    interface. It's a pretty basic install.

    I went thru the logs and saw the message hit our email server
    (originally from 5850-260-1-62.dialup.samtel.ru), it gets passed to
    mailman and I see the post entry showing it's arrival into mailman then
    then smtp entry showing it's delivery back to the email server. I
    confirmed the delivery to the 144 recipients (fortunately this is a
    small list) in the mail log. I am one of the recipients on this list,
    but in my case spamassassin flagged the message and it gets filtered away.

    I just widened my search thru the mailman logs and noticed some other
    lists (in the vette log) holding messages for moderation with the list
    email in the From: line. So it does appear to be something in this
    specific list that's misconfigured. I'm off to poke around the config
    again but I'd be very interested in any suggestions about what I might
    be looking for!? My first pass thru the config I was looking for
    something that would allow this to happen and didn't see it.
    --
    Steve
  • Dragon at Apr 3, 2008 at 10:08 pm
    Steve Lindemann sent the message below at 14:43 4/3/2008:
    Dragon wrote:
    Steve Lindemann sent the message below at 12:18 4/3/2008:
    The problem - when the list email address is (spoofed) in the From: line
    (as well as being on the To: line) the message posts to the list. The
    ability to post to the list is supposed to be restricted to only list
    members. The list address is not in the list of list members.

    Is this normal? I checked the config and there did see anything to
    allow this behavior there. Is the list email address automatically
    considered to be a member of the list? I can always block it in
    "privacy options->sender filters", but should that even be necessary? Help!
    ---------------- End original message. ---------------------
    This seemed rather strange to me too so I decided to test it on my
    server. I have 2.1.10b3 installed from source on a Redhat machine.
    My list is configured for posts from non-members to be discarded.
    I sent a message to one of my lists using the list address in the
    From: header. The message was discarded as I expected it would be
    and I confirmed this by an entry in the vette log.
    So it works on my installation as I expect it would. The question
    now is, what is the difference between my source install and your
    installation. Are you using a cPanel or Plesk version, or a version
    installed from somebody else's package maybe through yum or something similar?
    Are you certain that the message was distributed via the list?
    Is it in the list archive?
    Can you match the message ID to one in the post log?
    If you can see it in the archive and post log then it did get
    processed through mailman. If not, perhaps it was BCC'ed to your
    address or there is something else going on with your MTA.
    Dragon
    I'm running version 2.1.9, installed from a tarball on a Dell server
    running CentOS 5. I administer from the command line and thru the
    web interface. It's a pretty basic install.
    Now when you say it's from a tarball, is it a binary install or did
    you compile it (configure, make, make install, etc.)?

    Where did you obtain this version?

    If it isn't from one of the links on the page linked below, it may
    have been altered in some way by somebody else to conform to some
    distribution specific criteria.

    http://www.gnu.org/software/mailman/mailman.html

    I went thru the logs and saw the message hit our email server
    (originally from 5850-260-1-62.dialup.samtel.ru), it gets passed to
    mailman and I see the post entry showing it's arrival into mailman
    then then smtp entry showing it's delivery back to the email
    server. I confirmed the delivery to the 144 recipients (fortunately
    this is a small list) in the mail log. I am one of the recipients
    on this list, but in my case spamassassin flagged the message and it
    gets filtered away.

    I just widened my search thru the mailman logs and noticed some
    other lists (in the vette log) holding messages for moderation with
    the list email in the From: line. So it does appear to be something
    in this specific list that's misconfigured. I'm off to poke around
    the config again but I'd be very interested in any suggestions about
    what I might be looking for!? My first pass thru the config I was
    looking for something that would allow this to happen and didn't see it.
    If this is a stock install from the mailman source, I've pretty much
    exhausted my ideas. The only settings I know that should affect the
    ability to deliver an e-mail are:

    accept_these_nonmembers
    generic_nonmember_action
    header_filter_rules

    I've looked through all the other options and don't see anything
    there that would possibly allow something through. The only other
    thing I can think of is that this mail might have been held and
    accidentally accepted or it might have been sent with an Approved:
    header with the list or site password.

    Dragon

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • Steve Lindemann at Apr 3, 2008 at 10:59 pm

    Dragon wrote:
    Steve Lindemann sent the message below at 14:43 4/3/2008:
    Dragon wrote:
    Steve Lindemann sent the message below at 12:18 4/3/2008:
    The problem - when the list email address is (spoofed) in the From: line
    (as well as being on the To: line) the message posts to the list. The
    ability to post to the list is supposed to be restricted to only list
    members. The list address is not in the list of list members.

    Is this normal? I checked the config and there did see anything to
    allow this behavior there. Is the list email address automatically
    considered to be a member of the list? I can always block it in
    "privacy options->sender filters", but should that even be necessary? Help!
    ---------------- End original message. ---------------------
    This seemed rather strange to me too so I decided to test it on my
    server. I have 2.1.10b3 installed from source on a Redhat machine.
    My list is configured for posts from non-members to be discarded.
    I sent a message to one of my lists using the list address in the
    From: header. The message was discarded as I expected it would be
    and I confirmed this by an entry in the vette log.
    So it works on my installation as I expect it would. The question
    now is, what is the difference between my source install and your
    installation. Are you using a cPanel or Plesk version, or a version
    installed from somebody else's package maybe through yum or something similar?
    Are you certain that the message was distributed via the list?
    Is it in the list archive?
    Can you match the message ID to one in the post log?
    If you can see it in the archive and post log then it did get
    processed through mailman. If not, perhaps it was BCC'ed to your
    address or there is something else going on with your MTA.
    Dragon
    I'm running version 2.1.9, installed from a tarball on a Dell server
    running CentOS 5. I administer from the command line and thru the
    web interface. It's a pretty basic install.
    Now when you say it's from a tarball, is it a binary install or did
    you compile it (configure, make, make install, etc.)?

    Where did you obtain this version?

    If it isn't from one of the links on the page linked below, it may
    have been altered in some way by somebody else to conform to some
    distribution specific criteria.

    http://www.gnu.org/software/mailman/mailman.html

    I went thru the logs and saw the message hit our email server
    (originally from 5850-260-1-62.dialup.samtel.ru), it gets passed to
    mailman and I see the post entry showing it's arrival into mailman
    then then smtp entry showing it's delivery back to the email
    server. I confirmed the delivery to the 144 recipients (fortunately
    this is a small list) in the mail log. I am one of the recipients
    on this list, but in my case spamassassin flagged the message and it
    gets filtered away.

    I just widened my search thru the mailman logs and noticed some
    other lists (in the vette log) holding messages for moderation with
    the list email in the From: line. So it does appear to be something
    in this specific list that's misconfigured. I'm off to poke around
    the config again but I'd be very interested in any suggestions about
    what I might be looking for!? My first pass thru the config I was
    looking for something that would allow this to happen and didn't see it.
    If this is a stock install from the mailman source, I've pretty much
    exhausted my ideas. The only settings I know that should affect the
    ability to deliver an e-mail are:

    accept_these_nonmembers
    generic_nonmember_action
    header_filter_rules

    I've looked through all the other options and don't see anything
    there that would possibly allow something through. The only other
    thing I can think of is that this mail might have been held and
    accidentally accepted or it might have been sent with an Approved:
    header with the list or site password.

    Dragon
    acquired the software with:
    wget
    http://openwebmail.org/openwebmail/download/release/openwebmail-2.52.tar.gz

    followed by many wget's of required perl modules and such
    and installed the lot. I recall rounds of configure,make,make test,make
    install for the perl modules. I don't recall doing that for the
    openwebmail, I do remember "./openwebmail-tool.pl --init" after some
    config file changes.

    I'll check those specific settings.

    If the message had been held I should have seen an entry for it in the
    vette log and there wasn't one. I checked the message header for an
    Approved line and (fortunately) didn't find it. I'd be very
    "disappointed" to find that password in a message header.

    I'll keep poking at this end. I'd love to hear any other ideas...
    --
    Steve
  • Steve Lindemann at Apr 3, 2008 at 11:10 pm

    Steve Lindemann wrote:
    Dragon wrote:
    Steve Lindemann sent the message below at 14:43 4/3/2008:
    Dragon wrote:
    Steve Lindemann sent the message below at 12:18 4/3/2008:
    The problem - when the list email address is (spoofed) in the From: line
    (as well as being on the To: line) the message posts to the list. The
    ability to post to the list is supposed to be restricted to only list
    members. The list address is not in the list of list members.

    Is this normal? I checked the config and there did see anything to
    allow this behavior there. Is the list email address automatically
    considered to be a member of the list? I can always block it in
    "privacy options->sender filters", but should that even be necessary? Help!
    ---------------- End original message. ---------------------
    This seemed rather strange to me too so I decided to test it on my
    server. I have 2.1.10b3 installed from source on a Redhat machine.
    My list is configured for posts from non-members to be discarded.
    I sent a message to one of my lists using the list address in the
    From: header. The message was discarded as I expected it would be
    and I confirmed this by an entry in the vette log.
    So it works on my installation as I expect it would. The question
    now is, what is the difference between my source install and your
    installation. Are you using a cPanel or Plesk version, or a version
    installed from somebody else's package maybe through yum or something similar?
    Are you certain that the message was distributed via the list?
    Is it in the list archive?
    Can you match the message ID to one in the post log?
    If you can see it in the archive and post log then it did get
    processed through mailman. If not, perhaps it was BCC'ed to your
    address or there is something else going on with your MTA.
    Dragon
    I'm running version 2.1.9, installed from a tarball on a Dell server
    running CentOS 5. I administer from the command line and thru the
    web interface. It's a pretty basic install.
    Now when you say it's from a tarball, is it a binary install or did
    you compile it (configure, make, make install, etc.)?

    Where did you obtain this version?

    If it isn't from one of the links on the page linked below, it may
    have been altered in some way by somebody else to conform to some
    distribution specific criteria.

    http://www.gnu.org/software/mailman/mailman.html

    I went thru the logs and saw the message hit our email server
    (originally from 5850-260-1-62.dialup.samtel.ru), it gets passed to
    mailman and I see the post entry showing it's arrival into mailman
    then then smtp entry showing it's delivery back to the email
    server. I confirmed the delivery to the 144 recipients (fortunately
    this is a small list) in the mail log. I am one of the recipients
    on this list, but in my case spamassassin flagged the message and it
    gets filtered away.

    I just widened my search thru the mailman logs and noticed some
    other lists (in the vette log) holding messages for moderation with
    the list email in the From: line. So it does appear to be something
    in this specific list that's misconfigured. I'm off to poke around
    the config again but I'd be very interested in any suggestions about
    what I might be looking for!? My first pass thru the config I was
    looking for something that would allow this to happen and didn't see it.
    If this is a stock install from the mailman source, I've pretty much
    exhausted my ideas. The only settings I know that should affect the
    ability to deliver an e-mail are:

    accept_these_nonmembers
    generic_nonmember_action
    header_filter_rules

    I've looked through all the other options and don't see anything
    there that would possibly allow something through. The only other
    thing I can think of is that this mail might have been held and
    accidentally accepted or it might have been sent with an Approved:
    header with the list or site password.

    Dragon
    acquired the software with:
    wget
    http://openwebmail.org/openwebmail/download/release/openwebmail-2.52.tar.gz

    followed by many wget's of required perl modules and such
    and installed the lot. I recall rounds of configure,make,make test,make
    install for the perl modules. I don't recall doing that for the
    openwebmail, I do remember "./openwebmail-tool.pl --init" after some
    config file changes.
    OOPS... never mind that. My notes only say I went to the mailman
    website and downloaded mailman-2.1.9.tgz... from there the notes get
    more involved but it boils down to: unpacked it, went thru the make/make
    install routine, ended up with a working copy.

    I really need to pay attention to which question I working on... I was
    also dealing with an openwebmail issue at the same time (not much of an
    excuse but it's all I have 8^) ...sorry for the confusion!!
    I'll check those specific settings.

    If the message had been held I should have seen an entry for it in the
    vette log and there wasn't one. I checked the message header for an
    Approved line and (fortunately) didn't find it. I'd be very
    "disappointed" to find that password in a message header.

    I'll keep poking at this end. I'd love to hear any other ideas...
    --
    Steve
  • Mark Sapiro at Apr 4, 2008 at 3:11 am

    Steve Lindemann wrote:
    If the message had been held I should have seen an entry for it in the
    vette log and there wasn't one. I checked the message header for an
    Approved line and (fortunately) didn't find it. I'd be very
    "disappointed" to find that password in a message header.

    If the incoming message had an Approved: header, it would have been
    removed before being archived or sent to the list.

    Note that a post will be determined to be from a list member if any of
    From:, Reply-To: Sender: or the envelope sender (unix from) contains a
    member address. I think in an earlier post, you indicated the message
    came from 5850-260-1-62.dialup.samtel.ru according to your mail server
    log. You could check there for the envelope from, and check the
    Reply-To: of the received post. Unfortunately, if all you have is a
    message from the list, the Sender: (and maybe other headers too) has
    been rewritten by Mailman, but the original Sender: if any and 'unix
    from' representing the envelope sender should be in the message in
    archives/private/listname.mbox/listname.mbox. Note also, that this
    list of places to look for a member address is the default, and can be
    overridden by setting SENDER_HEADERS in mm_cfg.py.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedApr 3, '08 at 7:18p
activeApr 4, '08 at 3:11a
posts7
users3
websitelist.org

People

Translate

site design / logo © 2022 Grokbase