[Mailman-Users] problem with Mailman address security?
jm-mailman-users at jmason.org
jm-mailman-users at jmason.org
Thu Jul 11 13:46:33 CEST 2002
Here's a wierd one. I run a mailing list which is set to "subscriber
list visible only to administrator", and it seems that some addresses
(if not all) have leaked onto a spam list.
- I'm (reasonably) certain the user did not simply use the same address
elsewhere -- the user uses sneakemail.com, which generates one-time
addresses randomly, and assures me that the addr was used only for my
list.
- the user has never *posted* to the list, it's an announce-only one.
- the /roster/ page is definitely set to "admin only" visibility, and
always has been.
- the headers of the message the user received, indicate the spam was sent
direct from spammer to user, not via the list itself. Anyway, the list
is moderated ;) . Also, I got a copy of the spam to my own address
used for that list. So I'm pretty certain the address was scraped
somehow.
Can anyone suggest a way this is possible with MailMan, without a spammer
needing the admin password to scrape the list? Or without them hacking
the box in general?
--j.
More information about the Mailman-Users
mailing list