Re: [Mailman-Users] Mail Lists, Authorized Posters and Virus/Worm Access
Set the mm_cfg.py and see Defaults.py for this info:
# The envelope sender is set by the SMTP delivery and is thus less easily
# spoofed than the sender, which is typically just taken from the From: header
# and thus easily spoofed by the end-user.  However, sometimes the envelope
# sender isn't set correctly and this will manifest itself by postings being
# held for approval even if they appear to come from a list member.  If you
# are having this problem, set this variable to No, but understand that some
# spoofed messages may get through.
USE_ENVELOPE_SENDER = No    # MAKE YES!
This will help block some of your problem - unauthorized posts. The virus checker still goes.
----- Original Message ---------------
From: Richard Barrett <r.barrett@openinfo.co.uk>
To: Bob Bowers <b-bowers@cox.net>
Cc: mailman-users@python.org
Subject: Re: [Mailman-Users] Mail Lists, Authorized Posters and Virus/Worm Access
Date: Wed, 5 May 2004 10:37:21 +0100
On 5 May 2004, at 09:28, Bob Bowers wrote:
In my community last week, someone gained access to a mail list with hundreds of subscribers by mimicking an email address authorized to post to the list (moderation bit set OFF). In such a case, moderator approval was not required. What resulted was that a worm of the W32Beagle variety was sent to many hundreds of subscribers. I have changed all my mail lists to require active moderation of all posts (moderation bits are ON for all subscribers), and automatic rejection of all posts from non-members.
It appears that it was just a matter of time for someone with ill intent to figure out that the "from" address in a message from a mail list might represent access to the mail list for mischief. It would not appear accidental that a virus or worm operating on some unsuspecting individual's computer accidentally sent itself to the posting address of a mail list as well as from an authorized email address. It is more likely that it was deliberate.
I doubt that the virus writer was targeting mailing lists in this considered fashion; to them, a mail alias is just a mail alias.
I understand these virus types use the MUA address book on machines they infect as a source of mail addresses to send their progeny on to. One of your list's subscribers was probably the source of the infected message and your list's address just one of a number pillaged from that user's address book as destinations by a promiscuous virus.
In my view, running effective virus (and spam) filtering on your incoming MTA is the secret of happiness. It keeps viruses away from both your lists' and your real users' mail aliases, and it means you do not have to moderate everything if the virus-loaded messages are being silently dropped in the bit bucket by the MTA.
participants (1): Lloyd Tennison
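
The trade-off described in the USE_ENVELOPE_SENDER comment above, as an added example that is not part of the original posts and is not Mailman's own code: a membership check keyed on the From: header versus one keyed on the SMTP envelope sender. The roster, addresses and function names are constructed for illustration, and the envelope sender is assumed to be handed over by the receiving MTA as a separate value.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed roster; every address in this example is invented.
MEMBERS = {"alice@example.org", "bob@example.org"}

def make_msg(from_header):
    """Build a minimal constructed posting with the given From: header."""
    return f"From: {from_header}\nTo: list@example.org\nSubject: test\n\nbody\n"

def poster_address(raw, envelope_sender, use_envelope_sender):
    """Pick the address the membership check is applied to."""
    if use_envelope_sender:
        # SMTP MAIL FROM value, as recorded by the receiving MTA.
        return parseaddr(envelope_sender)[1].lower()
    # Whatever the sending client wrote into the From: header.
    return parseaddr(message_from_string(raw).get("From", ""))[1].lower()

def disposition(raw, envelope_sender, use_envelope_sender):
    """Accept member posts, hold everything else for moderator approval."""
    addr = poster_address(raw, envelope_sender, use_envelope_sender)
    return "accept" if addr in MEMBERS else "hold"

# (label, From: header, envelope sender) -- all constructed
CASES = [
    ("member, matching envelope",
     "Alice <alice@example.org>", "alice@example.org"),
    ("forged From: only",
     "Alice <alice@example.org>", "someone@mail.example.net"),
    ("member, envelope rewritten by relay",
     "Bob <bob@example.org>", "bounce-17@relay.example.net"),
]

def evaluate():
    """Map each case to (header-based result, envelope-based result)."""
    return {
        label: (disposition(make_msg(frm), env, False),
                disposition(make_msg(frm), env, True))
        for label, frm, env in CASES
    }

if __name__ == "__main__":
    for label, (by_header, by_envelope) in evaluate().items():
        print(f"{label:38} header={by_header:6} envelope={by_envelope}")
```

The third case is the false positive the comment warns about: a genuine member is held because the envelope sender was not set to the member's address. A message that forges both values looks exactly like the first case, so neither setting replaces the MTA-level virus filtering recommended in the quoted reply.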