[Mailman-Users] non-subscriber managed to post to a subscriber onlylist

[Brad Knowles]

on 1/26/09 4:03 PM, Barry Finkel said:

> We had a case last week when someone sent mail with a spoofed
> 
>      "From: ...."
> 
> line that contained the e-mail address of the list owner.  The mail
> was delivered to us via a SMTP mailer of an ISP, and we have in the
> mail headers the IP address of the sender.

Someone tried to hit the mailman-users list like this, and forged my own 
e-mail address to do it.  Fortunately, they got caught by our anti-spam 
filters and rejected, and I only found out because the bounce message 
was not deliverable.  Oy.

I have complained to the ISP in question, but the problem is that 
replies to that message are going to run afoul of the same anti-spam 
filter, so I'm probably not going to see them.  I'm in the process of 
trying alternative methods of contact.

Fortunately for me, I happen to know the guy who runs the Internet 
Security group at this large broadband ISP (he's a former co-worker of 
mine from my AOL days), and he is the primary reason why I consider this 
to be one of the best large ISPs around.


Yes, I am going to be tightening the security on this list.

-- 
Brad Knowles
<brad at shub-internet.org>        If you like Jazz/R&B guitar, check out
LinkedIn Profile:                 my friend bigsbytracks on YouTube at
<http://tinyurl.com/y8kpxu>    http://preview.tinyurl.com/bigsbytracks