[Mailman-Users] Targeted attack against german universities using mailman

Mark Sapiro mark at msapiro.net
Tue May 9 15:53:13 EDT 2017

On 05/09/2017 07:39 AM, Julian Kippels wrote:
> I am pretty confident that these were not two different messages. I
> have compared the mail headers of both the mail that was held and the
> one that was delivered. Everything apart from the headers mailman adds
> is exactly the same. Same timestamps, same message-ids, and so on...

Unless there is some serious bug that I've never seen before, Mailman
will not hold a post and also deliver it to the list members without
moderator approval.

As far as post acceptance, the default setting for SENDER_HEADERS is
('from', None, 'reply-to', 'sender') which means that the post will be
accepted ias a member post if any of the From: header, the Unix From
(i.e. envelope sender), Reply-To: header or Sender: header contains a
member address. If all you have of the post that went to the list is the
post received from the list, the envelope sender will be different, but
you can find the original in your MTA logs [1] and the Sender: will have
been rewritten but the others may be as received by Mailman depending on
list settings.

[1] You should be able to tell from MTA logs how many incoming messages
there were and to where they were delivered.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list