[Mailman-Developers] Spammers forging addresses for subscribe/unsubscribe

Justin Long justinlong at gmail.com
Sat Apr 19 05:07:36 CEST 2008


Greetings,

We used to have a situation where a spammer would do the following with qmail:

(1) spammer sends a message FROM someone (forging their address) TO an
invalid address on our server CONTAINING spam
(2) our server sees the address is invalid
(3) our server BOUNCES error message CONTAINING original message
(including spam) FROM us TO the forged address (which was the apparent
from address)
thus making us a spam source. (Ingenious.)

Since we have moved to postfix/mailman, we are now encountering a
different situation, also probably arising from spam:

(1) spammer sends a message FROM someone (forged) TO a range of
addresses which include the -subscribe and/or -unsubscribe address
(2) mailman BOUNCES confirmation message TO forged address FOR
-subscribe/unsubscribe, this may include the spam (as part of the
notification)
(3) sometimes, if the address is invalid (dead address), we get a
bounce back saying the address is no good, which gets caught in the
"uncaught bounce" cycle.
(4) sometimes, if the address is valid and it's to the -subscribe
address, the person gets spammed.

Is there a way in mailman to do the following - and if not, I'd like
to submit these ideas for implementation or adjustment:
(1) bounces from subscribe requests should not include the original message
(2) unsubscribe requests should be dropped if they come from an
address which is not a member

You can't really tell if a subscribe request is valid or not, but at
least the attachments could be stripped out...

Cordially,
Justin Long

-- 
Never retreat. Never surrender. Never cut a deal with a dragon.
-------
Justin Long / justinlong at gmail.com
http://www.strategicnetwork.org - 120,000 subscribers, 16,000 articles
http://www.momentum-mag.org - bi-monthly magazine on unreached peoples
http://www.momentum-mag.org/wiki - Missiopedia of Christian missions
MSNIM justinlong at strategicnetwork.org / Skype nsmjustinlong
-------
We help people build 6 things: Drive, Energy, Effort, Inspiration,
Power, Strength
-------
No armor? Unclean life? Then do not mess in the affairs of dragons,
for you are crunchy and taste good with ketchup.
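
The two changes proposed in the message above, sketched as an added example (not part of the original post and not Mailman's own code). The list name, domain, `handle_command` and the sample message are hypothetical; `rcpt` stands for the envelope recipient handed over by the MTA.

```python
import secrets
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from typing import Optional, Set

LIST, DOMAIN = "demo-list", "lists.example.org"  # hypothetical list identity

# Constructed sample: spam with a forged From, sent to a list command address.
FORGED_SPAM = (
    b"From: Victim <victim@example.net>\r\n"
    b"To: demo-list-subscribe@lists.example.org\r\n"
    b"Subject: CHEAP PILLS\r\n"
    b"\r\n"
    b"Buy now at http://spam.example/\r\n"
)


def handle_command(rcpt: str, raw: bytes, members: Set[str]) -> Optional[EmailMessage]:
    """Return the confirmation to send, or None to drop the request silently."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    local = rcpt.lower().partition("@")[0]
    command = local[len(LIST) + 1:] if local.startswith(LIST + "-") else ""
    if not sender or command not in ("subscribe", "unsubscribe"):
        return None
    # Proposal (2): an unsubscribe from a non-member gets no reply at all,
    # so a forged sender never receives mail from us.
    if command == "unsubscribe" and sender not in members:
        return None
    # Proposal (1): the confirmation is fixed text. Subject, body and
    # attachments of the request are never copied into it.
    reply = EmailMessage()
    reply["From"] = f"{LIST}-confirm+{secrets.token_hex(8)}@{DOMAIN}"
    reply["To"] = sender
    reply["Subject"] = f"Confirm your {command} request for {LIST}"
    reply.set_content(
        f"Someone asked to {command} this address on {LIST}.\n"
        "Reply to this message to confirm, or ignore it to do nothing.\n"
    )
    return reply


if __name__ == "__main__":
    members = {"member@example.org"}
    print(handle_command(f"{LIST}-subscribe@{DOMAIN}", FORGED_SPAM, members))
    print(handle_command(f"{LIST}-unsubscribe@{DOMAIN}", FORGED_SPAM, members))
```

A forged -subscribe request still produces one confirmation to the forged address, since the request cannot be validated, but that confirmation no longer carries the spammer's content.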

