Hi,
I'm not sure that this is the right address to send this, but here it goes:
Addition to Mailman: those individuals are left with no means to unsubscribe themselves, since
- Allow users to retrieve password via email commands, not only via the web interface. When a spammer subscribes people and disables the web interface,
they cannot get the password sent to them.
Roberto Perez rgpg@technologist.com
On Thu, 2003-12-25 at 16:06, Roberto Perez wrote:
Hi,
I'm not sure that this is the right address to send this, but here it goes:
Addition to Mailman: those individuals are left with no means to unsubscribe themselves, since
- Allow users to retrieve password via email commands, not only via the web interface. When a spammer subscribes people and disables the web interface,
they cannot get the password sent to them.
Roberto Perez rgpg@technologist.com
Fortunately Roberto, most spammers don't use Mailman. There is a *lot* of other programs out there that allow them to spam from windows boxes (as well as Unix).
Santa has already answered your "ToDo" request, The password command retrieves passwords via email - though it is unnecessary as the unsubscribe command removes folks without need of the password - you have to respond to the email as a confirmation.
HoHoHo Merry Christmas!
Jon Carnes
At 11:54 AM 12/26/03, Jon Carnes wrote:
Fortunately Roberto, most spammers don't use Mailman. There is a *lot* of other programs out there that allow them to spam from windows boxes (as well as Unix).
That's true in most cases, but in our university we are being spammed with a news bulletin no one subscribed to, managed by a mailman program. The spammer has disabled the web interface, and since we did not subscribe ourselves, we don't have the individual passwords to unsubscribe via email. In the wrong hands, mailman can unfortunately be a powerful tool ...
Santa has already answered your "ToDo" request, The password command retrieves passwords via email
I got the "help" file from the mailman-administered list described above (version 2.0.11), and there was no "password" command. Are we maybe talking about different versions of mailman? Or maybe the "password" command is not documented in the help file?
- though it is unnecessary as the unsubscribe command removes folks without need of the password - you have to respond to the email as a confirmation.
Actually, in this case that I'm describing, sending an email to "list-request" with an "unsubscribe" command does not work. The message is rejected with a note saying the right command should be "unsubscribe <password>", and no confirmation is sent.
So, if you (or anyone else) know how to either recover our individual passwords without a web interface, or unsubscribe in some other way, I'd appreciate ideas/suggestions.
Regards,
Roberto Perez rgpg@technologist.com
A sad tale indeed.
Edit your mailservers /etc/mail/access file and put a big fat REJECT by his domain name!
Good luck - Jon Carnes
On Fri, 2003-12-26 at 18:49, Roberto Perez wrote:
At 11:54 AM 12/26/03, Jon Carnes wrote:
Fortunately Roberto, most spammers don't use Mailman. There is a *lot* of other programs out there that allow them to spam from windows boxes (as well as Unix).
That's true in most cases, but in our university we are being spammed with a news bulletin no one subscribed to, managed by a mailman program. The spammer has disabled the web interface, and since we did not subscribe ourselves, we don't have the individual passwords to unsubscribe via email. In the wrong hands, mailman can unfortunately be a powerful tool ...
Santa has already answered your "ToDo" request, The password command retrieves passwords via email
I got the "help" file from the mailman-administered list described above (version 2.0.11), and there was no "password" command. Are we maybe talking about different versions of mailman? Or maybe the "password" command is not documented in the help file?
- though it is unnecessary as the unsubscribe command removes folks without need of the password - you have to respond to the email as a confirmation.
Actually, in this case that I'm describing, sending an email to "list-request" with an "unsubscribe" command does not work. The message is rejected with a note saying the right command should be "unsubscribe <password>", and no confirmation is sent.
So, if you (or anyone else) know how to either recover our individual passwords without a web interface, or unsubscribe in some other way, I'd appreciate ideas/suggestions.
Regards,
Roberto Perez rgpg@technologist.com
On Fri, Dec 26, 2003 at 06:49:27PM -0500, Roberto Perez wrote:
That's true in most cases, but in our university we are being spammed with a news bulletin no one subscribed to, managed by a mailman program. The spammer has disabled the web interface, and since we did not subscribe ourselves, we don't have the individual passwords to unsubscribe via email.
If a "spammer" is going to such trouble, I imagine he/she would also do things like not have -leave/unsubscribe aliases, require approval to unsubscribe, sync the list periodically with an external source, etc.
I think you're better off treating the source as you would any other spammer: complain to his/her provider, report to blocklist(s), block / filter messages from the source, and the like.
George
theall@tifaware.com
participants (3)
-
George Theall -
Jon Carnes -
Roberto Perez