[Mailman-Users] Protecting user data

Slap's Mailing List Account slaplist at rockhopper.penguinpalace.com
Thu Oct 3 21:15:08 CEST 2002


I run a discussion list using Mailman 2.1 for a small open-source project.
Recently, there was a security vulnerability discussed on my list and
shortly after it was brought to light, several users of my list were
attacked by a cracker through this security issue. I believe that the
attacker saw the posts on our list (in the public archives or he could
even be subscribed) and used that information to attack our users, and
that he gained their IP addresses through the headers of their posts to
the list.

I have this option enabled: (Hide the sender of a message, replacing it
with the list address (Removes From, Sender and Reply-To fields)), but
when the user sends email, it still shows it as originating from their
personal computer. I need a way to protect this information (their IP
address, etc.) so that it looks like the messages are just coming from my
Mailman server instead.

Since there are several users on my list who are running my software and
posting to the list from the same server, I need to be able to protect
them - otherwise, we will not be able to safely discuss issues such as
security concerns again.

If anybody can help me with this, I'd greatly appreciate it.


Sean B
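
The headers that expose a poster's address, and a scrub pass over them, as an added example that is not part of the original post and is not Mailman's own code. It uses only Python's standard `email` module; the header list, function names and sample message are assumptions constructed for illustration.

```python
import email
import re

# Assumed for this example: headers that typically record the poster's host or IP.
TRACE_HEADERS = ("Received", "X-Originating-IP", "X-Sender", "X-Mailer")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample post; all addresses come from the documentation ranges.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby lists.example.org with ESMTP; Thu, 3 Oct 2002 21:15:01 +0200
Received: from workstation (dsl-host.example.net [192.0.2.44])
\tby mx.example.org with SMTP; Thu, 3 Oct 2002 21:14:58 +0200
X-Originating-IP: [192.0.2.44]
From: poster@example.net
To: dev-list@lists.example.org
Subject: patch for the overflow
Message-ID: <abc@example.net>

Body text.
"""

def find_leaks(raw):
    """Return (header, ip) pairs for every IPv4 address in a trace header."""
    msg = email.message_from_string(raw)
    leaks = []
    for name in TRACE_HEADERS:
        for value in msg.get_all(name, []):
            for ip in IPV4.findall(value):
                leaks.append((name, ip))
    return leaks

def scrub(raw):
    """Drop every trace header; the remaining headers and the body are kept."""
    msg = email.message_from_string(raw)
    for name in TRACE_HEADERS:
        del msg[name]  # removes all occurrences, no error if absent
    return msg.as_string()

if __name__ == "__main__":
    for header, ip in find_leaks(SAMPLE):
        print("leak:", header, ip)
    print(scrub(SAMPLE))
```

Hiding From, Sender and Reply-To does not touch these trace headers, which is why the poster's address still shows. The domain part of Message-ID can also name the sending host and is left as-is here.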

