[Mailman-Users] Is there a security hole in Mailman?

Mark Sapiro msapiro at value.net
Mon Feb 13 21:35:38 CET 2006

Jon D. Slater wrote:
>How are they getting my list names in the first place?
>I don't believe this is an issue where an individual user may have been
>compromised, because no single user accesses all the groups on all of the

It's likely you are correct, but you may be surprised if you could find
how many of your list members have spyware on their machines.

How do people find out about your lists? Any possibility of a leak

You don't mention archives. Do your lists have public archives?

As far as your original question is concerned, I don't think we're
aware of any way for list names/posting addresses to be available via
your web server as long as your lists are not 'advertised', your
archives are private and your web server runs as a user/group that
can't directly access your Mailman installation.

Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list