[Mailman-Users] Is there a security hole in Mailman?

Jon D. Slater Jon.Slater at LPBroadband.Net
Sun Feb 12 16:59:01 CET 2006

Hi All,


I've been away from this list for a while, so the question may have already
been asked (and answered).


Is there a security hole in Mailman?


Here's what I mean.


I'm running several servers, all running mailman.  *None* of my lists are
displayed publicly when you view the mailman/listinfo page.


When-ever I use a non-mailman email address on one of my web pages, I always
'munge' it using a java script.


Lately I've been bombarded by 100's of spam e-mail messages, but *only to my
Mailman lists*.  My non-mailman e-mail address (which are munged with java),
are never hit.


How are the evil spammers harvesting my list names when they aren't on the
'listinfo' page?


And, more importantly, is there a way to prevent it?  (BTW, I'm also using
SPAM ASSASSIN and a lot of these SPAM messages still get through.)





More information about the Mailman-Users mailing list