[Mailman-Developers] Virus sent to lists "from" my domain - add password for moderated users

Arthur Gibbs arthur at abible.com
Mon Mar 15 13:53:31 EST 2004


Using Mailman 2.1.3, we have had problems with virus-generated messages with
spoofed senders getting through to a one-way list.

The only 'solution' I have found is to to disallow any non-moderated users
or administrators. This forces all messages, even from list admins, to be
moderated.

Under Privacy options: [Recipient filters], we set "Ceiling on acceptable
number of recipients for a posting" to 1.

And also turned on 'Emergency moderation of all list traffic is enabled' in
General Options.

However this is not ideal.  Back in the dark ages I used Majodomo.  As
primtive as that program was, these virus messages would not be getting
through.  Reason?  The moderated users had to include a password with each
post.  Could that password type feature be added?

A virus might forge the 'form' and the envelope.  But it is aweful hard to
forge a good password that also matches that from.

Any thoughts?




More information about the Mailman-Developers mailing list