[Mailman-Developers] bugtraq submission warning: email address harvesting exploit

J C Lawrence claw at kanga.nu
Thu Nov 27 12:23:32 EST 2003

On Thu, 27 Nov 2003 09:17:33 -0800 
Chuq Von Rospach <chuqui at plaidworks.com> wrote:
> On Nov 27, 2003, at 9:08 AM, Terri Oda wrote:
>> On Tue, Nov 25, 2003 at 11:07:39AM -0800, Chuq Von Rospach wrote:

> Remember challenge/response? When everyone thought it was the solution
> to all of our problems? Took the spammers under six weeks to crack it
> once they decided to try. (answer: send spam as being "From:" you,
> "To:" you. Most C/R systems have the user's email address
> whitelisted. end of story.

Hehn, the first thing I did was to blacklist myself and every role
address I had.

> Or leave pipermail alone, and write a CGI that all archives exit
> through that does the filtering, which is IMHO, how you ought to do
> it.


> That way, you can authenticate via that CGI to a level of access,
> change the filtering on the fly, and leave the archives unedited (as I
> think they ought to be).


J C Lawrence
---------(*)                Satan, oscillate my metallic sonatas.
claw at kanga.nu               He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.

More information about the Mailman-Developers mailing list