[Mailman-Users] Spoofed Addresses
David Relson
relson at osagesoftware.com
Sat Oct 30 02:24:06 CEST 2004
On Fri, 29 Oct 2004 16:59:09 -0700
Kenneth Porter wrote:
> --On Friday, October 29, 2004 5:33 PM -0400 David Relson
> <relson at osagesoftware.com> wrote:
>
> > The other one spoofed a valid subscriber's address, so mailman
> > accepted it and sent copies to all subscribers.
>
> How do you know it's spoofed? How would mailman know?
Hi Kenneth,
Your reply is appreciated!
To answer your questions, both messages were from the same ip address,
part of a class C subnet registered to a German ISP. The message from
bogofilter at bogofilter.org to bogofilter-dev at bogofilter.org is clearly
bogus because (1) it has the wrong originating ip address and (2)
mailman has verp enabled hence the sender's address is never actually
used when sending. The subscriber's address in the other message is
_my_ address and I've got an American ip address (and which is not part
of the german subnet). So I know _both_ messages had spoofed addresses.
Part of asking the question was to learn whether mailman has any ability
to verify addresses. I wasn't aware of anything, which doesn't mean it
can't be done. Along a similar vein, I'm wondering if there are ways
for postfix and procmail to validate addresses.
The question was posted here because I'm aware of that this list's
readers have a significant amount of knowledge about all things mail
related. Honestly, I rate my mail knowledge at the rookie/novice level
which is enough to get by but not enough to answer questions such as I
asked.
Regards,
David
More information about the Mailman-Users
mailing list