FAQ
Hi,

A hacker recently broadcast email to a discussion list by setting the "from:" header to be the name of the list, e.g., listname at emaildomainname.ca.gov<mailto:listname at emaildomainname.ca.gov>

What's the best way to resolve this issue? If I block incoming email from this address, will that interfere with Mailman's normal operations?

Thanks,

Ted

Search Discussions

  • Mark Sapiro at Apr 12, 2010 at 11:08 pm

    Fitzpatrick, Ted wrote:
    A hacker recently broadcast email to a discussion list by setting the "from:" header to be the name of the list, e.g., listname at emaildomainname.ca.gov<mailto:listname at emaildomainname.ca.gov>

    What's the best way to resolve this issue? If I block incoming email from this address, will that interfere with Mailman's normal operations?

    The real question is why was this message accepted? What is the list
    setting for generic_nonmember_action? What is in
    accept_these_nonmembers?

    The listname itself should not be a member of the list, thus a post
    From: listname would normally be a non-member post unless there was
    also a Reply-To: or Sender: header with a list member address or the
    envelope sender address was a list member.

    Find the message in Mailman's
    archives/private/LISTNAME.mbox/LISTNAME.mbox file. This will show you
    the original envelope sender in the "From " separator. Assuming the
    list is not anonymous, it will also have the original Sender: header
    if any and if the list doesn't mung Reply-To: it will have the
    original Reply-To: if any.

    Hopefully that information will enable you to see why the post was
    accepted.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Fitzpatrick, Ted at Apr 14, 2010 at 4:55 pm
    Thank you, Mark. Even though this list is set to be anonymous, I was able to obtain the original sender's email address from the mbox file, as you suggested. It appears that a hacker spoofed a legitimate member email.

    Ted

    -----Original Message-----
    From: Mark Sapiro [mailto:mark at msapiro.net]
    Sent: Monday, April 12, 2010 4:08 PM
    To: Fitzpatrick, Ted; mailman-users at python.org
    Subject: Re: [Mailman-Users] Email from Listname

    Fitzpatrick, Ted wrote:
    A hacker recently broadcast email to a discussion list by setting the "from:" header to be the name of the list, e.g., listname at emaildomainname.ca.gov<mailto:listname at emaildomainname.ca.gov>

    What's the best way to resolve this issue? If I block incoming email from this address, will that interfere with Mailman's normal operations?

    The real question is why was this message accepted? What is the list
    setting for generic_nonmember_action? What is in
    accept_these_nonmembers?

    The listname itself should not be a member of the list, thus a post
    From: listname would normally be a non-member post unless there was
    also a Reply-To: or Sender: header with a list member address or the
    envelope sender address was a list member.

    Find the message in Mailman's
    archives/private/LISTNAME.mbox/LISTNAME.mbox file. This will show you
    the original envelope sender in the "From " separator. Assuming the
    list is not anonymous, it will also have the original Sender: header
    if any and if the list doesn't mung Reply-To: it will have the
    original Reply-To: if any.

    Hopefully that information will enable you to see why the post was
    accepted.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedApr 12, '10 at 10:47p
activeApr 14, '10 at 4:55p
posts3
users2
websitelist.org

2 users in discussion

Fitzpatrick, Ted: 2 posts Mark Sapiro: 1 post

People

Translate

site design / logo © 2022 Grokbase