FAQ
I seem to be getting spam sent through mailman

I have the following lists setup

LIPHP (liphp at lists.liphp.org) and mailman

mailman shouldnt actually be sending any where

The MTA is exim4

something sent from mailman at lists.liphp.org is being accepted and looks like sending some spam through it. I dont believe liphp at lists.liphp.org is doing this.

Can anyone help me??

Search Discussions

  • Mark Sapiro at Oct 6, 2008 at 5:50 pm

    Donald J. Organ IV wrote:
    I seem to be getting spam sent through mailman

    I have the following lists setup

    LIPHP (liphp at lists.liphp.org) and mailman

    mailman shouldnt actually be sending any where

    The MTA is exim4

    something sent from mailman at lists.liphp.org is being accepted and looks like sending some spam through it. I dont believe liphp at lists.liphp.org is doing this.

    Can anyone help me??

    Not without more information. Can you post the complete headers from
    one of the spam messages. Then perhaps we can see where the mail is
    coming from.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Nancy Shoemaker at Oct 7, 2008 at 3:06 pm
    I've seen one recent instance of this as well.

    Mailman version - 2.1.11

    From the log file:
    /usr/local/mailman/logs/post:
    Oct 06 08:14:21 2008 (25523) post to aauwnc-list from
    noreply at myyearbook.com, sizew21,
    message-id=<B7.79.09034.A5CF9E84 at smtp01.scs.myyearbook.com>, success

    "noreply at myyearbook.com" is not a subscriber (!), and the the
    "generic_nonmember_action" is set to "discard".

    I sent a support request to MyYearbook.com (which does look like a
    valid site -- though with loose rules on encouraging subscribers to
    invite others), but haven't heard back.

    The headers of the message that got through to the list didn't
    include any reference to a subscriber to the list, but a message that
    was delivered to my personal mailbox had a "Reply-To" header that
    allowed me to track down the subscriber who probably inadvertently
    spammed her entire address book with these messages. In other words,
    the headers of the message I got outside of Mailman included:

    From: myYearbook.com<noreply at myyearbook.com>
    Subject: Is Barbara Your Friend? Please respond!!
    x-mybid: bmFuY3lzaG9lbWFrZXJAbWluZHNwcmluZy5jb20To: <my personal address>
    MIME-Version: 1.0
    Content-type: text/html; charset=iso-8859-1
    Reply-To: "Barbara" <a list subscriber's address>

    I don't see the "Reply-To" header in the Mailman message (and,
    indeed, the message that got through to the list has no way to tell
    which Barbara sent it).

    I believe this is the expected behavior for mismatched "reply-to" and
    "From" headers. Is there any way that such a mismatch could be
    considered a flag to be logged (so the real sender could be tracked
    down) or to trigger moderation -- with exceptions for "reply to the
    list" of course?
  • Mark Sapiro at Oct 7, 2008 at 4:28 pm

    Nancy Shoemaker wrote:
    The headers of the message that got through to the list didn't
    include any reference to a subscriber to the list, but a message that
    was delivered to my personal mailbox had a "Reply-To" header that
    allowed me to track down the subscriber who probably inadvertently
    spammed her entire address book with these messages. In other words,
    the headers of the message I got outside of Mailman included:

    From: myYearbook.com<noreply at myyearbook.com>
    Subject: Is Barbara Your Friend? Please respond!!
    x-mybid: bmFuY3lzaG9lbWFrZXJAbWluZHNwcmluZy5jb20=
    To: <my personal address>
    MIME-Version: 1.0
    Content-type: text/html; charset=iso-8859-1
    Reply-To: "Barbara" <a list subscriber's address>

    I don't see the "Reply-To" header in the Mailman message (and,
    indeed, the message that got through to the list has no way to tell
    which Barbara sent it).

    I believe this is the expected behavior for mismatched "reply-to" and
    "From" headers. Is there any way that such a mismatch could be
    considered a flag to be logged (so the real sender could be tracked
    down) or to trigger moderation -- with exceptions for "reply to the
    list" of course?

    A post is considered to be from a member if a member's address is in
    any of the From:, Reply-To: or Sender: headers or is the envelope
    sender.

    Normally, the Reply-To: address in the incoming post will also be in
    the message sent to the list, but if you do Reply-To: munging
    (first_strip_reply_to = Yes), it will be removed.

    If you don't want to accept posts where only the Reply-To: address is a
    list member, set

    SENDER_HEADERS = ('from', None, 'sender')

    in mm_cfg.py. The default is

    SENDER_HEADERS = ('from', None, 'reply-to', 'sender')

    where None means the envelope sender.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Nancy Shoemaker at Oct 7, 2008 at 5:07 pm

    At 12:28 PM 10/7/2008, Mark Sapiro wrote:
    A post is considered to be from a member if a member's address is in
    any of the From:, Reply-To: or Sender: headers or is the envelope
    sender.

    Normally, the Reply-To: address in the incoming post will also be in
    the message sent to the list, but if you do Reply-To: munging
    (first_strip_reply_to = Yes), it will be removed.

    If you don't want to accept posts where only the Reply-To: address is a
    list member, set

    SENDER_HEADERS = ('from', None, 'sender')

    in mm_cfg.py. The default is

    SENDER_HEADERS = ('from', None, 'reply-to', 'sender')

    where None means the envelope sender.
    Thanks, Mark.

    I'd forgotten about the "first_strip_reply_to" option-- and never
    thought about this implication.

    I'm just the administrator of the list(s), and don't have direct
    access to the mm_cfg.py file. This is a rare enough occurrence, that
    I'm unlikely to ask the server administrator to make a change.

    But I will reset the "first_strip_reply_to" settings. Thanks, again!

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedOct 6, '08 at 1:46a
activeOct 7, '08 at 5:07p
posts5
users3
websitelist.org

People

Translate

site design / logo © 2022 Grokbase