[Mailman-Users] Is there a security hole in Mailman?
Jon D. Slater
Jon.Slater at LPBroadband.Net
Mon Feb 13 17:31:00 CET 2006
> -----Original Message-----
> From: mailman-users-bounces+jon.slater=lpbroadband.net at python.org
> [mailto:mailman-users-bounces+jon.slater=lpbroadband.net at python.org]
> On Behalf Of Jeff Donsbach
> Sent: Sunday, February 12, 2006 10:10 AM
> To: mailman-users at python.org
> Subject: Re: [Mailman-Users] Is there a security hole in Mailman?
>
> On 2/12/06, Jon D. Slater <Jon.Slater at lpbroadband.net> wrote:
> > Hi All,
> >
> > Is there a security hole in Mailman?
> >
> >
> > How are the evil spammers harvesting my list names when they aren't
> > on
> the
> > 'listinfo' page?
> >
>
> >From the address book(s) of one or some of you subscribers infected
> with a virus/worm?
>
> >
> > And, more importantly, is there a way to prevent it? (BTW, I'm also
> using
> > SPAM ASSASSIN and a lot of these SPAM messages still get through.)
> >
>
> Is your list set for "subscribers only" posting? Set your list to hold
> posts from non-members for moderation.
>
> Keep feeding the spam messages to "sa-learn".
>
> Jeff D
I'm already doing that. My complaint is that I have to go in and manually
reject or ignore these messages.
How are they getting my list names in the first place?
I don't believe this is an issue where an individual user may have been
compromised, because no single user accesses all the groups on all of the
servers.
Jon
More information about the Mailman-Users
mailing list