[Mailman-Users] Help stopping Virus sent to lists "from" my domain
Caleb Epstein
cae at bklyn.org
Thu Mar 11 17:59:50 CET 2004
Mailman version 2.1.4
Hi folks. I administer a few Mailman-based lists on etree.org
(http://mail.etree.org has the web interface if you care), and
used to think I had the lists well configured to block most
virus and SPAM.
Lately however the lists have begun to receive viruses posing
as official-looking messages from addresses like these ("at" =
@, "dot" = .) "management at Etree dot org" and "admin at Etree
dot org", which are fictitious addresses but look real enough
to many subscribers. The virus payload gets stripped out by
Mailman's MimeDel filtering, but I am at a loss to explain how
the posts are making it through the privacy filters in the
first place.
For example, the announce list has all users set as
moderated and a handful of addresses are listed in
accept_these_nonmembers. The generic_nonmember_action is set
to Discard. The addresses I mention above (management and
admin at Etree.org) are not members of the list and not
mentioned anywhere in any of the list configuration. Yet and
still, postings with these addresses listed in the "From:"
header are making it through to the list without being held up
for moderation or being discarded.
Here is a sample message:
http://bklyn.org/~cae/mailman-stumper.txt
I'd be grateful if anyone could help me figure out how these
sorts of messages are making it thru Mailman's privacy
filters. Thoughts I had:
* Could the sender be forging "X-BeenThere"; would that cause
Mailman to let the post go through?
* Does Mailman silently allow <anything>@yourdomain through
to the lists?
--
Caleb Epstein | bklyn . org | BOFH excuse #281:
cae at | Brooklyn Dust |
bklyn dot org | Bunny Mfg. | The co-locator cannot verify the frame-relay
| | gateway to the ISDN server.