[Mailman-Users] Spoofed Addresses

David Relson relson at osagesoftware.com
Fri Oct 29 23:33:55 CEST 2004


I'm running bogofilter's  mailing lists (user, developer, announce)
using postfix, procmail, and mailman-2.1.5.  This morning two spoofed
messages arrived.

One of them was from the user list to the developer list. As the spoofed
address wasn't a valid subscriber, the message resulted in a call for
administrative action.  No problem!!

The other one spoofed a valid subscriber's address, so mailman accepted
it and sent copies to all subscribers.  I'm not sure whether I should
give mailman a pat on the back for doing its job, or not.

Anyhow, can anyone suggest how to harden the tool chain
(postfix/procmail/mailman) so this doesn't happen again?



More information about the Mailman-Users mailing list