[Mailman-Users] Spoofing Issue

Andrew Tait antait at blueyonder.co.uk
Mon Apr 5 20:16:07 CEST 2004


On Mon, 5 Apr 2004 08:55:41 -0400, Doug Straight 
<dstraigh at rochester.rr.com> wrote:

> We had an event on Saturday where all 8,000 members got an infected email
> from the list.  It looked just like the newsletter we sent out in most 
> cases

> My web hosting contact tells me that this is a case of someone 
> "spoofing" as
> our administrator and using our email (only the mailing list was 
> effected)
> and sending out a message to the whole list.  I was wondering if you 
> thought
> that was possible.

I'm sure that it is possible.  AFAIK the only thing required to post to a 
list is a valid From: address, ie it doesn't do any fancy checking, so if 
B[e]agle managed to infect a computer that had the administrator's email 
address AND the mailing list email address, it is possible.  In any set of 
circumstances, someone who has hit "Reply" or "Reply all" to one of your 
messages will have this scenario.

Unlucky!  Maybe you want to moderate yourself, at least in the short term, 
then you're immune to the message going into the wild?  If you really only 
use the list once a month, then unmoderate, send, and remoderate.  Or just 
send and approve.



More information about the Mailman-Users mailing list