On Tue, 2004-02-24 at 12:26, Bastiaan Welmers wrote:
> I found a spam vulnerability in Mailman public archives. Although mail addresses in public archives are (if you choose to) spam protected, because @ will be replaced with " at " or " op " in both the txt and the html files, the raw mbox file still contains the unprotected email addresses. I found this bug by chance: after I subscribed a brand-new mail address to a public-archive list, shortly after that I received spam. A Google search for this brand-new mail address brought me to the mbox file, where it just stays unprotected.

Look at the new-in-MM2.1.4 PUBLIC_MBOX variable. This is now set to No by default so as to disable access to the mbox file. I actually think it's rare that people need access to this thing, especially because it can get pretty huge.
-Barry
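
The mismatch discussed in this thread (addresses obscured in the txt and html archive files but not in the raw mbox) can be checked on a published archive tree with a short audit. This is an added example, not part of the original messages and not Mailman code; the directory layout, file names and addresses are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Simple pattern for a plain, unobscured address (an assumption, not an RFC 5322 parser).
RAW_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Headers whose values contain "@" but are message identifiers, not mailboxes.
ID_HEADERS = ("message-id:", "in-reply-to:", "references:")

def count_raw_addresses(path):
    """Count unobscured addresses in one file, skipping message-id style headers."""
    total = 0
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    for line in text.splitlines():
        if line.lower().startswith(ID_HEADERS):
            continue
        total += len(RAW_ADDR.findall(line))
    return total

def audit_archive(root):
    """Return {relative path: count} for every file under root exposing raw addresses."""
    root = Path(root)
    findings = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            n = count_raw_addresses(p)
            if n:
                findings[p.relative_to(root).as_posix()] = n
    return findings

def build_sample_archive(root):
    """Constructed sample tree: obscured txt/html files plus a raw mbox."""
    root = Path(root)
    (root / "2004-February").mkdir(parents=True)
    (root / "2004-February.txt").write_text(
        "From alice at example.org  Tue Feb 24 12:26:00 2004\n"
        "Message-ID: <1@lists.example.org>\n\nhello\n")
    (root / "2004-February" / "000001.html").write_text(
        "<p>alice at example.org wrote:</p>\n")
    (root / "list.mbox").write_text(
        "From alice@example.org Tue Feb 24 12:26:00 2004\n"
        "From: alice@example.org\nMessage-ID: <1@lists.example.org>\n\nhello\n")
    return root

def demo():
    with tempfile.TemporaryDirectory() as d:
        return audit_archive(build_sample_archive(d))

if __name__ == "__main__":
    for name, n in demo().items():
        print(f"{name}: {n} unobscured address(es)")
```

Run against the directory the web server actually publishes; only files reachable from the public URL matter for this check.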