[Mailman-Users] my mailman has been hacked !!

Mark Sapiro mark at msapiro.net
Thu May 28 01:39:28 CEST 2009

Jeffrey Goldberg wrote:

>On May 27, 2009, at 1:23 PM, Khalil Abbas wrote:
>> all members are moderated, except my own email address  
>> (my at email.com) which I use to post to the list ..
>> someone sent from my address
>> the 'From' name is not me,
>Please clarify.  Did the From line contain your email address (my at email.com 
>) or not?  You seem to be saying two different things.
>If, as I suspect, someone is merely forging your address to post to  
>the list, there are two things that you can do (I would recommend that  
>you do (1) as an immediate and temporary measure, until you can get  
>(2) in place).
>(1) Moderate even your own postings, so that your list moderator  
>password is required to post, even if "from" your own address.
>(2) Improve the spam/virus filtering on your mailserver.  A forged  
>message from an open relay containing a virus should have been stopped  
>by your mail system long before it reached mailman.

Two comments in addition to the above good advice.

1) Almost anyone can spoof your address in the From: of an email. This
does not require an open relay server or anything fancy. Almost any
MUA can do it.

2) That is why for announce lists we recommend moderating everyone and
if you want to avoid moderation when posting, use an Approved: header
to bypass moderation. See the FAQs at <http://wiki.list.org/x/3YA9>
and <http://wiki.list.org/x/XIA9>.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list