[Mailman-Users] Re: Virus Just Got Through on TOTALLYMODERATEDlist.

Brad Knowles brad at stop.mail-abuse.org
Tue Feb 8 17:16:47 CET 2005

At 9:59 AM -0500 2005-02-08, Dan Mahoney, System Admin quoted Mark Sapiro:

>>  As I said before, the information we really need in order to figure
>>  this out would be the post as received by Mailman, not the one sent
>>  out, but there's no way to get this from Mailman after the fact.
>  *that* is a problem.  I see no reason there shouldn't be an option to
>  log this (either in the archives or a logfile, or maybe a "view original
>  post" option in the archives, something possibly admin-only?.

	The message as it was originally received by Mailman should be in 
the appropriate 
/usr/local/mailman/archives/private/listname.mbox/listname.mbox file, 
and the admin would be able to inspect that to get an idea of what 
happened.  At least, I think the message gets saved there before 
stripping and sanitization is performed.

	As far as log data is concerned, assuming you get there before 
the data in syslog is aged out and thrown away, you should have a 
record of that message-id coming into the system, and then a 
different message-id going back out (after the mailing list 
sanitization is done, etc...).

	Unfortunately, Mailman doesn't provide a whole lot of logging 
data itself, so it takes more work to figure out what features 
were/were not triggered, in which logs there may be useful data, 

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the Mailman-Users mailing list