[Mailman-Users] non-subscriber managed to post to a subscriberonly list

[Russell Clemings]

A low-tech fix I've used is to set "max_num_recipients" to a really
low number, like 2 or 3. Anything more than that, and the post gets
held for approval. Virtually every time I've seen a spam post that
spoofs a member's email address, it's had more than a couple of
recipients.

rac

> ---------- Forwarded message ----------
> From: Steve Lindemann <steve at marmot.org>
> To: mailman-users at python.org
> Date: Mon, 26 Jan 2009 15:26:53 -0700
> Subject: Re: [Mailman-Users] non-subscriber managed to post to a subscriberonly list
> Mark Sapiro wrote:
>>
>> Right. That's why you have to look at the raw archive mbox file (not
>> the html archive or the periodic .txt or .txt.gz file). That's the
>> only place that will have the original envelope sender in the "From "
>> separator and the original Sender:.
>
> Thanks! Got it!  They spoofed a legitimate list member on the Return-Path:, which also showed up on the first ("From ") message header line.  The From:, Reply-To: reflected the purported spammer and there was no Sender: in the raw mbox file.  The good news is that there was no Approved: or Approve: but we're changing passwords anyway.
>
> I don't suppose there's anything we can do about this other than change that particular user's email address... is there?
> --
> Steve Lindemann                         __
> Network Administrator                  //\\  ASCII Ribbon Campaign
> Marmot Library Network, Inc.           \\//  against HTML/RTF email,
> http://www.marmot.org                  //\\  vCards & M$ attachments
> +1.970.242.3331 x116