[Mailman-Users] Non-members seemingly able to post

[Mark Sapiro]

Robert Boyd Skipper wrote:
>
>Thank you for this information.  The headers don't seem to be the problem, as they 
>contain non-member emails.  I don't have direct access to the mm_cfg.py file, and I 
>can't find a user_envelope_sender in the web-based administration pages.  So I haven't 
>checked into that.


Here's something you can try. Since you don't have access to mm_cfg.py,
I assume you don't have direct access to
archives/private/listname.mbox/listname.mbox either, but you can get
it from the web (if it's not too humongous) with a URL like
<http://www.example.com/mailman/private/listname.mbox/listname.mbox>.
If you find the message(s) there, the initial "From " line and the
Return-Path:, if any, have the envelope sender. Then, the Reply-To:
and Sender: if any will be as in the original post, assuming your list
isn't anonymous and doesn't mung the Reply-To:


>However, I do have one more fact that may be relevant.  I just received another spam 
>posting that got through.  It and the previous one both have emails that begin with an 
>underscore: _pearl at absinth.com and _nlahtien at musikverein-altenhof.de
>So, as a possible quick fix, I've set the Spam filter rule 1 to the following
>
>from: _.*@.*
>
>Maybe this will work?


It should, assuming there's no 'real name' between From: and the
address and the address isn't in <>. I woul be inclined to try
something along the lines of

  ^from:.*[ <]_[^<> ]+ at .*

If you give this rule a Hold action, then you can see the original held
message with the original incoming headers intact. You will even see
the presence of an Approved: header or body line if any, although this
isn't likely to be the reason the message gets through as it requires
the list's admin or moderator password.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan