[Mailman-Users] non-subscriber managed to post to a subscriber only list
Lindsay Haisley
fmouse-mailman at fmp.com
Mon Jan 26 22:15:17 CET 2009
Is it possible that the list mod or admin password got out? I believe
than anyone can post to a moderated list by putting an "Approved:
<password>" header or pseudo-header in a post.
On Mon, 2009-01-26 at 13:40 -0700, Steve Lindemann wrote:
> Had something strange occur early Saturday morning. A non-subscriber
> managed to successfully post to two member only lists (and, of course,
> it was spam).
>
> The bogus sender (thelevisstoreonline at levis.rsys1.com) is not a member
> of these member only lists and is not in the accept_these_nonmembers
> filter. Other non-member posts are being caught and sent to moderation.
> Is there something else that I should be looking at?
>
> I checked the logs and the sender sent to 5 of our hosted lists. They
> were caught (per the vette log) by 3 of those lists as a non-member, but
> posted successfully to the other 2 lists (per smtp and post logs).
>
> I've checked the docs and faqs and haven't found a reference for
> something like this. I've checked all the logs and the configs (via the
> web interface) on the two lists that posted allowed the post. I can't
> find any reason for it and have to wonder if I'm checking everything.
> I've looked thru everything that makes sense and much that doesn't. If
> I had hair I'd be pulling it out!
--
Lindsay Haisley | "In an open world, | PGP public key
FMP Computer Services | who needs Windows | available at
512-259-1190 | or Gates" | http://pubkeys.fmp.com
http://www.fmp.com | |
More information about the Mailman-Users
mailing list