[Mailman-Users] Are there any known exploits in 2.1.5 re request email address and spamming?

Martin J. Evans martin.evans at easysoft.com
Fri Sep 19 21:33:10 CEST 2008


I've inherited a 2.1.5 mailman. In the last few days we've been 
blacklisted by a  number of major sites. On further investigation it 
looks like our mailman has been compromised in some way. Emails to the 
request address are somehow being used to send spam. There are literally 
thousands of them. I've stopped the list for now. Obviously 2.1.5 is way 
out of date but I've looked at the changes since then and cannot see 
something which looks like this issue although a search for mailman 
request exploit brings up a number of entries which are not very 
detailed. Does anyone know of an exploit in 2.1.5 which allows spam to 
be sent via mailman in 2.1.5?

Thanks

Martin


More information about the Mailman-Users mailing list