[Mailman-Users] DOS security issue.

Steve Lay S.W.Lay at ucles-red.cam.ac.uk
Tue Feb 12 16:41:29 CET 2002

This is probably the wrong place to raise this, sorry, but I wonder if
anybody else has had the same trouble we've just had.

We're running 2.0.8 with exim and recently a user sent a message with the
following sort of "To:" header..

To: listname at listserver.domain>

Notice the trailing '>' character.

Mailman processed this message just fine and sent it out to several hundred
subscribers.  A small group of these messages failed with 550 result codes
from the remote SMTP servers, mostly from one fairly large ISP.

Putting aside the issue of whether or not this is a valid reason for
returning a 550 result code, a malicious user could (a) use this technique
to exclude users from a discussion or (b) bump these users from the list by
sending a flurry of messages that result in their subscriptions being
disabled or revoked.

Clearly mailman cannot parse and validate all message headers, but those
that it examines (such as "To:") should probably be rejected if they
contain syntax errors.

What do other list server owners think?

More information about the Mailman-Users mailing list