[Mailman-Users] Want posts from mylist to mylist to be held

Donna Dierker donna at brainvis.wustl.edu
Wed Apr 22 17:39:10 CEST 2009 

On 04/22/2009 09:23 AM, Mark Sapiro wrote:
> Donna Dierker wrote:
>   
>> Recently, a spam message was successfully posted to mylist.  The "From"
>> field showed mylist at myserver.edu (i.e., the same address that one uses
>> when posting *to* mylist).  Looking in the list of subscribers, I don't
>> see 'mylist' as a member.  And typically posts do not come from the
>> list; rather, they are just posted *to* the list *from* an individual
>> subscriber's email address.
>>
>> Why aren't posts *from* mylist at myserver.edu being rejected, since
>> mylist at myserver.edu is a non-member from the point of view of the list?
>>     
>
>
> They should be. It may be too late to find why this one was accepted,
> but if you have access, you can find the post in the
> archives/private/LISTNAME.mbox/LISTNAME.mbox file and see some of the
> original headers.
>
> A post is considered to be from a list member if any of From:,
> Reply-To: or Sender: or the envelope sender is a list member.
>   
You're right, and in checking this I discovered another case of spam 
that I didn't notice earlier.  In both cases, the spammer spoofed the 
 From address of legitimate list members (but who clearly did not send 
these messages, since one of the spoofed addresses was mine).
> It is also possible, although not likely, that the spammer knows the
> list admin or moderator password and put an "Approved: password"
> header in the post, but if this was done, the evidence will be gone.
>
>
>   
>> I thought about putting From: mylist at myserver.edu in the spam filter,
>> and setting the action to Hold; however, I don't want a message being
>> sent to everyone on mylist every time a spam message gets held for
>> moderator approval.  I do, however, want these messages held, so I can
>> inspect them.  (Or at least a copy emailed to me, the list moderator,
>> before the message is discarded.)
>>     
>
>
> This is difficult. You could use header_filter_rules to discard the
> message, but then you won't see it even with forward_auto_discards
> true because that applies only to moderated and non-member auto
> discards.
>
> If you hold the message, the notice to the sender, even if to the list,
> should not be accepted as it is from LISTNAME-bounces, but if you want
> to be really sure, you could set respond_to_post_requests to No so
> there is no held notice back to the poster.
>
>

More information about the Mailman-Users mailing list