[Mailman-Users] non-subscriber managed to post to a subscriberonly list
Grant Taylor
gtaylor at riverviewtech.net
Mon Jan 26 23:49:37 CET 2009
On 01/26/09 16:26, Steve Lindemann wrote:
> Thanks! Got it! They spoofed a legitimate list member on the
> Return-Path:, which also showed up on the first ("From ") message header
> line. The From:, Reply-To: reflected the purported spammer and there
> was no Sender: in the raw mbox file. The good news is that there was no
> Approved: or Approve: but we're changing passwords anyway.

I would be willing to bet that the spoofed member is really the source
of the message. I would not be at all surprised if that member's
computer has malware on it that sent the email (after harvesting it from
the address book) via the default email client and thus the list member's
ISP.

I think it would be worth asking the member to send an email to you (or
reply to a request) and compare the headers. If the headers are almost
identical, I'd ask them to run a virus and malware scanner on their
computer. I'd ask even more strongly if all the spam messages that came in
came from that same system.

Grant. . . .
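
The header comparison suggested above, sketched in Python as an added example (not part of the original post and not Mailman code). The two sample messages, every address and host name in them, and the choice of which fields to compare are constructed assumptions.

```python
import email
from email.utils import parseaddr

# Constructed sample: envelope sender is a list member, From:/Reply-To: are not.
SUSPECT = """\
Return-Path: <member@example.org>
Received: from smtp.isp.example (smtp.isp.example [192.0.2.25])
    by lists.example.net with ESMTP; Mon, 26 Jan 2009 10:00:03 +0100
Received: from home-pc (dsl-7.isp.example [203.0.113.7])
    by smtp.isp.example with ESMTP; Mon, 26 Jan 2009 10:00:01 +0100
From: "Offers" <seller@spam.example>
Reply-To: seller@spam.example
Message-ID: <0001@home-pc>
X-Mailer: ExampleMail 6.0
Subject: constructed sample

body
"""
# Constructed "known good" mail the member sends on request from the same machine.
KNOWN_GOOD = (SUSPECT.replace('"Offers" <seller@spam.example>', "member@example.org")
              .replace("Reply-To: seller@spam.example\n", "")
              .replace("<0001@home-pc>", "<0002@home-pc>")
              .replace("10:00:0", "14:30:0"))

def parse(raw):
    return email.message_from_string(raw)

def envelope_vs_from(msg):
    """Return (Return-Path address, From: address); they differ in the reported message."""
    env = parseaddr(msg.get("Return-Path", ""))[1].lower()
    frm = parseaddr(msg.get("From", ""))[1].lower()
    return env, frm

def origin_fingerprint(msg):
    """Fields written where the mail originated, before it reached the list server."""
    hops = msg.get_all("Received") or []
    # The last Received: header is the earliest hop; drop its timestamp and unfold it.
    first_hop = " ".join(hops[-1].split(";")[0].split()) if hops else ""
    mid = msg.get("Message-ID", "")
    return {
        "first_hop": first_hop,
        "mailer": msg.get("X-Mailer") or msg.get("User-Agent") or "",
        "msgid_host": mid.rsplit("@", 1)[-1].strip("> \t") if "@" in mid else "",
    }

def matching_fields(suspect, known_good):
    """Names of the non-empty origin fields that are identical in both messages."""
    a, b = origin_fingerprint(suspect), origin_fingerprint(known_good)
    return sorted(k for k in a if a[k] and a[k] == b[k])
```

Headers written before the first relay you trust can be forged, so matching fields are a lead for the follow-up scan rather than proof of origin.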