[Mailman-Users] non-subscriber managed to post to a subscriberonly list

Grant Taylor gtaylor at riverviewtech.net
Mon Jan 26 23:49:37 CET 2009

On 01/26/09 16:26, Steve Lindemann wrote:
> Thanks! Got it!  They spoofed a legitimate list member on the 
> Return-Path:, which also showed up on the first ("From ") message header 
> line.  The From:, Reply-To: reflected the purported spammer and there 
> was no Sender: in the raw mbox file.  The good news is that there was no 
> Approved: or Approve: but we're changing passwords anyway.

I would be willing to bet that the spoofed member is really the source 
of the message.  I would not be at all surprised if that members 
computer has malware on it that sent the email (after harvesting it from 
the address book) via the default email client and thus the list members 

I think it would be worth asking the member to send an email to you (or 
reply to a request) and compare the headers.  If the headers are almost 
identical, I'd ask them to run a virus and malware scanner on their 
computer.  I'd ask even stronger if all the spam messages that came in 
came from that same system.

Grant. . . .

More information about the Mailman-Users mailing list