[Mailman-Developers] FYI -- mailback validations no longer safe?

J C Lawrence claw@kanga.nu
Sat, 09 Dec 2000 21:06:46 -0800


On Sat, 9 Dec 2000 20:51:07 -0800 
Chuq Von Rospach <chuqui@plaidworks.com> wrote:

> At 8:47 PM -0800 12/9/00, J C Lawrence wrote:
>> The fact that the posts happened to be on-topic is slightly droll
>> and beyond my ability to explain.

> I've had that happen, and it was finally tracked to another list
> member who was pissed at the first, and attempting to ruin their
> reputation on the list. Don't downplay the underlying personal
> interactions and politics of a list, especially one iwth strong
> emotions, where otherwise mature people act like three year olds
> over a stale donut.

Yeah, that was my first suspicion and it really fit all the way up
to the fact that two of them were actually pretty good posts that
sparked useful and deep running threads, and the third was
non-commital to the point of being ho-hum (technically on-topic,
simply re-iterated prior traffic).

<shrug>

The members and I in each case just agreed to >boggle< and keep
running without comment, under the suspicion that comment would only
encourage the activity.

Problem is, I know how trivially simple it is:

  $ dig python.org MX
  ...
  python.org.             23h47m13s IN MX  50 dinsdale.python.org.
  ...
  $ telnet dinsdale.python.org smtp
  HELO kanga.nu
  MAIL FROM: <insert member address here>
  RCPT TO: mailman-developers@python.org
  DATA
  ...
  .
  QUIT

(which in one case appears to be exactly what happened)

-- 
J C Lawrence                                       claw@kanga.nu
---------(*)                        : http://www.kanga.nu/~claw/
--=| A man is as sane as he is dangerous to his environment |=--