Thank you, Mark. Even though this list is set to be anonymous, I was able to obtain the original sender's email address from the mbox file, as you suggested. It appears that a hacker spoofed a legitimate member email.
From: Mark Sapiro [mailto:mark at msapiro.net]
Sent: Monday, April 12, 2010 4:08 PM
To: Fitzpatrick, Ted; mailman-users at python.org
Subject: Re: [Mailman-Users] Email from Listname
Fitzpatrick, Ted wrote:
A hacker recently broadcast email to a discussion list by setting the "from:" header to be the name of the list, e.g., listname at emaildomainname.ca.gov<mailto:listname at emaildomainname.ca.gov>
What's the best way to resolve this issue? If I block incoming email from this address, will that interfere with Mailman's normal operations?
The real question is why was this message accepted? What is the list
setting for generic_nonmember_action? What is in
The listname itself should not be a member of the list, thus a post
From: listname would normally be a non-member post unless there was
also a Reply-To: or Sender: header with a list member address or the
envelope sender address was a list member.
Find the message in Mailman's
archives/private/LISTNAME.mbox/LISTNAME.mbox file. This will show you
the original envelope sender in the "From " separator. Assuming the
list is not anonymous, it will also have the original Sender: header
if any and if the list doesn't mung Reply-To: it will have the
original Reply-To: if any.
Hopefully that information will enable you to see why the post was
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan