[Mailman-Users] Help stopping Virus sent to lists "from" my domain
Jerold Stratton
jerry at sandiego.edu
Thu Mar 11 19:32:21 CET 2004
On Thursday, March 11, 2004, at 09:50 AM, ted wrote:
> I just posted a bug ticket for this problem. You are the 3rd or 4th
> person, including me, to have reported this to mailman-users
> recently. The bug ticket is here:
> http://sourceforge.net/tracker/?group_id=103&atid=100103
>
> Please add your comments to the item so the developers take this
> seriously. If you don't have a SourceForge account, you can create one
> here: http://sourceforge.net/account/register.php
>
I've been having this problem also, but while I'm sure the developers
are taking it seriously, I'm not sure what they can do. E-mail has only
one means of determining who something is from: the envelope from.

They could match the envelope to the from: line, but that's hardly a
fix. The from: line is just as easy to forge as the envelope.

The only way I can see of them "fixing" it is to disallow any
non-moderated users or administrators. They could force all messages,
even from list admins, to be moderated. I don't see that going over
very well.

The best place to fix this particular instantiation of the problem is
at the mail server anyway. The mail server itself should never have
delivered the virus-laden message to the mailing list. But this does
not solve the problem of forged from addresses, it only keeps forgeries
from bearing known viruses.

Personally, I use this as an excuse to turn off attachments to mailing
lists. But that isn't a solution that goes over very well either.

My personal preference for "fixing" it is for mail client writers to
start supporting a signed mail standard. Then, mailman could accept
administrator mail only if it is signed and the administrator has
already given mailman their public key. But doing that today would be
practically the same thing as requiring all administrator mail to be
moderated.

Jerry
jerry at sandiego.edu
http://www.sandiego.edu/~jerry/
Serra 188B/x8773
--
"The major difference between a thing that might go wrong and a thing
that cannot possibly go wrong is that when a thing that cannot possibly
go wrong goes wrong it usually turns out to be impossible to get at and
repair."--Douglas Adams (Mostly Harmless)
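
The two checks weighed in the message above (matching the envelope sender to the From: line, versus accepting administrator mail only when it verifies against a pre-registered public key), as an added example that is not part of the original post and is not Mailman code. It is written in Go because the standard library includes Ed25519; the `X-Example-Sig` header, the address `admin@example.org`, the demo key and all three messages are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"io"
	"net/mail"
	"strings"
)

// evaluate returns the verdict of both policies for one raw message.
func evaluate(keys map[string]ed25519.PublicKey, envelope, raw string) (weak, signed bool) {
	m, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return false, false
	}
	from, err := mail.ParseAddress(m.Header.Get("From"))
	if err != nil {
		return false, false
	}
	// Weak policy: envelope equals From:. The sender sets both, so a forgery passes.
	weak = strings.EqualFold(from.Address, envelope)
	// Signed policy: the body must verify under the key this administrator
	// registered in advance. X-Example-Sig is a hypothetical header holding
	// a base64 Ed25519 signature, standing in for a real signed-mail format.
	body, _ := io.ReadAll(m.Body)
	pub, known := keys[strings.ToLower(from.Address)]
	sig, err := base64.StdEncoding.DecodeString(m.Header.Get("X-Example-Sig"))
	signed = known && err == nil && ed25519.Verify(pub, body, sig)
	return weak, signed
}

// demo runs three constructed messages: signed by the admin, forged, tampered.
func demo() (genuineWeak, genuineSigned, forgedWeak, forgedSigned, tamperedSigned bool) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed demo key
	keys := map[string]ed25519.PublicKey{"admin@example.org": priv.Public().(ed25519.PublicKey)}
	hdr := "From: List Admin <admin@example.org>\r\nSubject: approve\r\n"
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte("approve post 42\r\n")))
	genuine := hdr + "X-Example-Sig: " + sig + "\r\n\r\napprove post 42\r\n"
	forged := hdr + "\r\nsee attached file\r\n" // same headers, no valid signature
	tampered := strings.Replace(genuine, "post 42", "post 43", 1)
	genuineWeak, genuineSigned = evaluate(keys, "admin@example.org", genuine)
	forgedWeak, forgedSigned = evaluate(keys, "admin@example.org", forged)
	_, tamperedSigned = evaluate(keys, "admin@example.org", tampered)
	return
}

func main() { fmt.Println(demo()) }
```

The signature here covers only the body, so headers stay unauthenticated and a captured signed message could be replayed; a real signed-mail format has to address both.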