[mailman-users] member-only lists and non-member postings
Ted Peterson
ted at nicar.org
Wed Mar 10 18:41:00 CET 2004
The same as Nancy, I am also seeing viruses (W32Beagle) on moderated
Mailman lists since last Friday, March 5th. Here are the mbox
headers if anybody has a clue:
> From aajaonline-admin at svr1.nicar.org Wed Mar 10 01:17:14 2004
> Received: from TOSHIBA-ERIK (ool-4352a0c2.dyn.optonline.net
> [67.82.160.194])
> by svr1.nicar.org (8.12.10/8.12.10) with SMTP id
> i2A1HCMh013231 for <aajaonline at aaja.org>; Wed, 10 Mar 2004
> 01:17:13 GMT
> Date: Tue, 09 Mar 2004 20:17:07 -0800
> To: aajaonline at aaja.org
> From: National at aaja.org
> Message-ID: <qwounnxrcclimtadjqw at aaja.org>
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="--------ymseoxktfqrivsnemwfk"
> X-Spam-Status: No, hits=0.3 required=5.0 tests=NO_REAL_NAME,YOU_WON
> autolearn=no version=2.60
> X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
> svr1.nicar.org
> Subject: [AAJAOnline] Weeeeee! ;)))
> X-BeenThere: aajaonline at aaja.org
> X-Mailman-Version: 2.1.3
> Precedence: list
> List-Id: AAJAOnline <aajaonline.aaja.org>
> List-Unsubscribe: <http://lists.aaja.org/mailman/listinfo/aajaonline>,
> <mailto:aajaonline-request at aaja.org?subject=unsubscribe>
> List-Archive: <http://lists.aaja.org/mailman/private/aajaonline>
> List-Post: <mailto:aajaonline at aaja.org>
> List-Help: <mailto:aajaonline-request at aaja.org?subject=help>
> List-Subscribe: <http://lists.aaja.org/mailman/listinfo/aajaonline>,
> <mailto:aajaonline-request at aaja.org?subject=subscribe>
> X-List-Received-Date: Wed, 10 Mar 2004 01:17:14 -0000
Thanks.
Ted Peterson
IRE/NICAR Web Administrator
On Fri, 05 Mar 2004 10:25:24 -0800, Nancy S wrote:
Subject: Re: [mailman-users] member-only lists and non-member
postings
At 11:42 AM 3/5/04 -0500, Dean Karres wrote:
>Two days ago we received several spam / virus loaded messages from
>obviously fake non-members on a few of our mailing lists. All were
>stopped and discarded -- except two. Those two messages were aimed
at
>out largest mailing list.
In the last 48 hours, two messages with faked (nonmember) addresses
and virus
attachments got through to our member-only lists. Between the first
and second attack,
I changed the administrator and moderator passwords and I haven't
shared the new
passwords with anyone. One of the lists is *very* tightly controlled
and none of the 3
folks who could post without moderation has reported their system
being compromised.
The logfiles show nothing but the messages going through as if they
had been from
unmoderated members of the list (but the sender in the logfile is
clearly a
nonmember). I don't see anything in the headers of the messages that
would indicate
why they bypassed the moderator.
While this doesn't answer Dean's question about how to compare the
configurations of
two lists, my gut is telling me the lists are properly configured and
something else
is going on. Any clues would be appreciated.
Thanks!
-Nancy
More information about the Mailman-Users
mailing list