[Mailman-Developers] bugtraq submission warning: email address harvesting exploit

Barry Warsaw barry at python.org
Thu Nov 27 23:05:16 EST 2003

On Fri, 2003-11-28 at 06:26, Colin Palmer wrote:

> (then you just need to add an ACL to the webserver to stop someone
> downloading the listname.mbox file that has all the unmunged addresses
> still in it)

I'd consider turning this off for 2.1.4 if people agree.  Perhaps making
it available only through a site config var.  I'm not sure how easy that
is, but it seems important enough to close off access to the mbox file.


More information about the Mailman-Developers mailing list