[Mailman-Users] list address in From: line post message to closed list

Dragon dragon at crimson-dragon.com
Fri Apr 4 00:08:52 CEST 2008 

Steve Lindemann sent the message below at 14:43 4/3/2008:
>Dragon wrote:
>>Steve Lindemann sent the message below at 12:18 4/3/2008:
>>>
>>>The problem - when the list email address is (spoofed) in the From: line
>>>(as well as being on the To: line) the message posts to the list.  The
>>>ability to post to the list is supposed to be restricted to only list
>>>members.  The list address is not in the list of list members.
>>>
>>>Is this normal?  I checked the config and there did see anything to
>>>allow this behavior there.  Is the list email address automatically
>>>considered to be a member of the list?  I can always block it in
>>>"privacy options->sender filters", but should that even be necessary?  Help!
>>---------------- End original message. ---------------------
>>This seemed rather strange to me too so I decided to test it on my 
>>server. I have 2.1.10b3 installed from source on a Redhat machine. 
>>My list is configured for posts from non-members to be discarded.
>>I sent a message to one of my lists using the list address in the 
>>From: header. The message was discarded as I expected it would be 
>>and I confirmed this by an entry in the vette log.
>>So it works on my installation as I expect it would. The question 
>>now is, what is the difference between my source install and your 
>>installation. Are you using a cPanel or Plesk version, or a version 
>>installed from somebody else's package maybe through yum or something similar?
>>Are you certain that the message was distributed via the list?
>>Is it in the list archive?
>>Can you match the message ID to one in the post log?
>>If you can see it in the archive and post log then it did get 
>>processed through mailman. If not, perhaps it was BCC'ed to your 
>>address or there is something else going on with your MTA.
>>Dragon
>
>I'm running version 2.1.9, installed from a tarball on a Dell server 
>running CentOS 5.  I administer from the command line and thru the 
>web interface.  It's a pretty basic install.

Now when you say it's from a tarball, is it a binary install or did 
you compile it (configure, make, make install, etc.)?

Where did you obtain this version?

If it isn't from one of the links on the page linked below, it may 
have been altered in some way by somebody else to conform to some 
distribution specific criteria.

http://www.gnu.org/software/mailman/mailman.html


>I went thru the logs and saw the message hit our email server 
>(originally from 5850-260-1-62.dialup.samtel.ru), it gets passed to 
>mailman and I see the  post entry showing it's arrival into mailman 
>then then smtp entry showing it's delivery back to the email 
>server.  I confirmed the delivery to the 144 recipients (fortunately 
>this is a small list) in the mail log.  I am one of the recipients 
>on this list, but in my case spamassassin flagged the message and it 
>gets filtered away.
>
>I just widened my search thru the mailman logs and noticed some 
>other lists (in the vette log) holding messages for moderation with 
>the list email in the From: line.  So it does appear to be something 
>in this specific list that's misconfigured.  I'm off to poke around 
>the config again but I'd be very interested in any suggestions about 
>what I might be looking for!?  My first pass thru the config I was 
>looking for something that would allow this to happen and didn't see it.

If this is a stock install from the mailman source, I've pretty much 
exhausted my ideas. The only settings I know that should affect the 
ability to deliver an e-mail are:

accept_these_nonmembers
generic_nonmember_action
header_filter_rules

I've looked through all the other options and don't see anything 
there that would possibly allow something through. The only other 
thing I can think of is that this mail might have been held and 
accidentally accepted or it might have been sent with an Approved: 
header with the list or site password.

Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

More information about the Mailman-Users mailing list