[Mailman-Users] non-subscribers getting through--email address in "Real Name"
Mark Sapiro
mark at msapiro.net
Wed Jul 18 22:30:07 EDT 2018
On 07/18/2018 06:28 PM, Matt Morgan wrote:
> On one of my lists I'm seeing some spam from non-subscribers getting
> through. It appears that the trick is to put a subscriber's address in the
> "real name" of the sender. E.g., this got through, without being held for
> moderation, on a list with generic_nonmember_action = discard (emails of
> the innocent obfuscated):
>
> *From:* "xxx at johnxxx.com <jgl at johngreenwaltlee.com>" <enrollment at ekonek.com>
I'm not sure what the actual incoming From: looked like. I'm sure the
asterisks in *From:* are some MUA's bolding artifact, but that
notwithstanding, if the header was
From: "xxx at johnxxx.com <jgl at johngreenwaltlee.com>" <enrollment at ekonek.com>
Mailman will parse that as
real name: 'xxx at johnxxx.com <jgl at johngreenwaltlee.com>'
address: 'enrollment at ekonek.com'
and the only address checked for list membership will be
enrollment at ekonek.com
In any case, if you haven't changed the setting of SENDER_HEADERS in
mm_cfg.py, Mailman will consider a post to be from a list member if any
of the From: header, the envelope sender, the Reply-To: header or the
Sender: header contains the member address as an address, not as a real
name.
It is trivial to spoof a member address in one of those places.
As far as what happened in this case, I can't say without seeing the
original message as received by Mailman before various headers were
munged and the post sent to the list.
If you want to diagnose this, you can temporarily add a local file to
the alias for the list posting address to capture the incoming mail, at
least if mailman's delivery is via aliases.
I.e., if you currently have an alias like
listname: "|/path/to/mail/mailman post virt"
add a file as in
listname: "|/path/to/mail/mailman post listname"
/path/to/file
Then the MTA will save the message to 'file' as well as delivering it to
mailman.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list