[Mailman-Users] Spam Problem

Nancy Shoemaker mbx at sgtst.com
Tue Oct 7 17:06:47 CEST 2008

I've seen one recent instance of this as well.

Mailman version - 2.1.11

 From the log file:
Oct 06 08:14:21 2008 (25523) post to aauwnc-list from 
noreply at myyearbook.com, size=7721, 
message-id=<B7.79.09034.A5CF9E84 at smtp01.scs.myyearbook.com>, success

"noreply at myyearbook.com" is not a subscriber (!), and the the 
"generic_nonmember_action" is set to "discard".

I sent a support request to MyYearbook.com (which does look like a 
valid site -- though with loose rules on encouraging subscribers to 
invite others), but haven't heard back.

The headers of the message that got through to the list didn't 
include any reference to a subscriber to the list, but a message that 
was delivered to my personal mailbox had a "Reply-To" header that 
allowed me to track down the subscriber who probably inadvertently 
spammed her entire address book with these messages. In other words, 
the headers of the message I got outside of Mailman included:

From: myYearbook.com<noreply at myyearbook.com>
Subject: Is Barbara Your Friend? Please respond!!
x-mybid: bmFuY3lzaG9lbWFrZXJAbWluZHNwcmluZy5jb20=
To: <my personal address>
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
Reply-To: "Barbara" <a list subscriber's address>

I don't see the "Reply-To" header in the Mailman message (and, 
indeed, the message that got through to the list has no way to tell 
which Barbara sent it).

I believe this is the expected behavior for mismatched "reply-to" and 
"From" headers. Is there any way that such a mismatch could be 
considered a flag to be logged (so the real sender could be tracked 
down) or to trigger moderation -- with exceptions for "reply to the 
list" of course?

More information about the Mailman-Users mailing list