[Mailman-Users] Protecting user data
jonc at nc.rr.com
Thu Oct 3 23:36:40 CEST 2002
There are couple of things you can do.
- Edit the source of the arching program so that it drops the header
info from messages before archiving them (I did this last year for a
list and it's worked great).
- Run a script that edits the Mbox file for the list directly and then
re-archive after you run the script.
Note, that folks have the option under the default install to download
the mbox file for the list. If you simply edit the archives, then
someone can still grab all the headers, etc, from the mbox.
Good Luck - Jon Carnes
On Thu, 2002-10-03 at 15:15, Slap's Mailing List Account wrote:
> I run a discussion list using Mailman 2.1 for a small open-source project.
> Recently, there was a security vulnerability discussed on my list and
> shortly after it was brought to light, several users of my list were
> attacked by a cracker through this security issue. I believe that the
> attacker saw the posts on our list (in the public archives or he could
> even be subscribed) and used that information to attack our users, and
> that he gained their IP addresses through the headers of their posts to
> the list.
> I have this option enabled: (Hide the sender of a message, replacing it
> with the list address (Removes From, Sender and Reply-To fields)), but
> when the user sends email, it still shows it as originating from their
> personal computer. I need a way to protect this information (their IP
> address, etc) so that it looks like the messages are just coming from my
> Mailman server instead.
> Since there are several users on my list who are running my software and
> posting to the list from the same server, I need to be able to protect
> them - otherwise, we will not be able to safely discuss issues such as
> security concerns again.
> If anybody can help me with this, I'd greatly appreciate it.
> Sean B
> Mailman-Users mailing list
> Mailman-Users at python.org
> Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
More information about the Mailman-Users