[Mailman-Users] Help stopping Virus sent to lists "from" my domain

Caleb Epstein cae at bklyn.org
Thu Mar 11 17:59:50 CET 2004

	Mailman version 2.1.4

	Hi folks.  I administer a few Mailman-based lists on etree.org
	(http://mail.etree.org has the web interface if you care), and
	used to think I had the lists well configured to block most
	virus and SPAM.

	Lately however the lists have begun to receive viruses posing
	as official-looking messages from addresses like these ("at" =
	@, "dot = .) "management at Etree dot org" and "admin at Etree
	dot org", which are ficticious addresses but look real enough
	to many subscribers. The virus payload gets stripped out by
	Mailman's MimeDel filtering, but I am at a loss to explain how
	the posts are making it through the privacy filters in the
	first place.

	For example, the announce list has all users set as
	moderated and a handful of addresses are listed in
	accept_these_nonmembers.  The generic_nonmember_action is set
	to Discard.  The addresses I mention above (management and
	admin at Etree.org) are not members of the list and not
	mentioned anywhere in any of the list configuration.  Yet an
	still, postings with these addresses listed in the "From:"
	header are making it through to the list without being held up
	for moderation or being discarded.

	Here is a sample message:


	I'd be grateful if anyone could help me figure out how these
	sorts of messages are making it thru Mailman's privacy
	filters.  Thoughts I had:

	* Could the sender be forging "X-BeenThere"; would that cause
	  Mailman to let the post go through?

	* Does Mailman silently allow <anything>@yourdomain through
	  to the lists?

Caleb Epstein |  bklyn . org  |  BOFH excuse #281:
    cae at    | Brooklyn Dust |
bklyn dot org |   Bunny Mfg.  |  The co-locator cannot verify the frame-relay
              |               |  gateway to the ISDN server.

More information about the Mailman-Users mailing list