[Mailman-Users] my mailman has been hacked !!
khillo100 at hotmail.com
Sat May 30 23:59:50 CEST 2009
Ok I have a set of problems here..
First, posting to the list using Approved: header as the first line of the message body did not work becasue I'm sending formatted messages using Microsoft outlook with tables n stuff ..
Second, I tried the following: keep an email address as non moderated to be able to post to the list and in General options, I turned the option :
Hide the sender of a message, replacing it with the list address = YES
this way hackers n spammers won't know which address is allowed to post but now the subscribers are recieving From: listname at mydomain.com and not from: 'My web site's Name' which is annoying..
Third, I can't afford to turn everyone's moderation bit on even my own address and then approve the messages using the web interface for 2 reasons:
1- I have 7 lists which is a real pain to log into each one of them and approve the messages..
2- I'm afraid to approve one of the tens of spam and members messages by mistake ..
what's the advice??
> Date: Wed, 27 May 2009 16:39:28 -0700
> From: mark at msapiro.net
> To: jeffrey at goldmark.org; khillo100 at hotmail.com
> CC: mailman-users at python.org
> Subject: Re: [Mailman-Users] my mailman has been hacked !!
> Jeffrey Goldberg wrote:
> >On May 27, 2009, at 1:23 PM, Khalil Abbas wrote:
> >> all members are moderated, except my own email address
> >> (my at email.com) which I use to post to the list ..
> >> someone sent from my address
> >> the 'From' name is not me,
> >Please clarify. Did the From line contain your email address (my at email.com
> >) or not? You seem to be saying two different things.
> >If, as I suspect, someone is merely forging your address to post to
> >the list, there are two things that you can do (I would recommend that
> >you do (1) as an immediate and temporary measure, until you can get
> >(2) in place).
> >(1) Moderate even your own postings, so that your list moderator
> >password is required to post, even if "from" your own address.
> >(2) Improve the spam/virus filtering on your mailserver. A forged
> >message from an open relay containing a virus should have been stopped
> >by your mail system long before it reached mailman.
> Two comments in addition to the above good advice.
> 1) Almost anyone can spoof your address in the From: of an email. This
> does not require an open relay server or anything fancy. Almost any
> MUA can do it.
> 2) That is why for announce lists we recommend moderating everyone and
> if you want to avoid moderation when posting, use an Approved: header
> to bypass moderation. See the FAQs at <http://wiki.list.org/x/3YA9>
> and <http://wiki.list.org/x/XIA9>.
> Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
Windows Live™: Keep your life in sync. Check it out!
More information about the Mailman-Users