[Mailman-Developers] Virus sent to lists "from" my domain - add
password for mods
Bill Campbell
bill at celestial.com
Fri Apr 2 14:56:15 EST 2004
On Mon, Mar 15, 2004, Arthur Gibbs wrote:
>Using Mailman 2.1.3, we have had problems with virus-generated messages with
>spoofed senders getting through to a one-way list.
>
>The only 'solution' I have found is to to disallow any non-moderated users
>or administrators. This forces all messages, even from list admins, to be
>moderated.
>
>Under Privacy options: [Recipient filters], we set "Ceiling on acceptable
>number of recipients for a posting" to 1.
>
>And also turned on 'Emergency moderation of all list traffic is enabled' in
>General Options.
>
>However this is not ideal. Back in the dark ages I used Majodomo. As
>primtive as that program was, these virus messages would not be getting
>through. Reason? The moderated users had to include a password with each
>post. Could that password type feature be added?
>
>A virus might forge the 'form' and the envelope. But it is aweful hard to
>forge a good password that also matches that from.
>
>Any thoughts?
Enable Spamassassin, and assign a very high value to MICROSOFT_EXECUTABLE
and MIME_SUSPECT_NAME.
Bill
--
INTERNET: bill at Celestial.COM Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
``Never chastise a Windows user...just smile at them kindly as you would a
disadvantaged child.'' WBM
More information about the Mailman-Developers
mailing list