[Mailman-Users] Is there a security hole in Mailman?
Jon D. Slater
Jon.Slater at LPBroadband.Net
Sun Feb 12 16:59:01 CET 2006
I've been away from this list for a while, so the question may have already
been asked (and answered).
Is there a security hole in Mailman?
Here's what I mean.
I'm running several servers, all running mailman. *None* of my lists are
displayed publicly when you view the mailman/listinfo page.
When-ever I use a non-mailman email address on one of my web pages, I always
'munge' it using a java script.
Lately I've been bombarded by 100's of spam e-mail messages, but *only to my
Mailman lists*. My non-mailman e-mail address (which are munged with java),
are never hit.
How are the evil spammers harvesting my list names when they aren't on the
And, more importantly, is there a way to prevent it? (BTW, I'm also using
SPAM ASSASSIN and a lot of these SPAM messages still get through.)
More information about the Mailman-Users