[Mailman-Developers] Indirect Spam Vulnerability
Matt Helsley
larva at linux.ucla.edu
Wed Jun 18 16:38:33 EDT 2003
I thought I'd describe a spam problem related to mailman I'm having and
propose the solution. If anyone can tell me one way or another whether
mailman avoids this "spam attack" I would appreciate it.
I have two lists: foo at myhost.com
moderated at myhost.com
The spammer sends forged as foo at myhost.com to moderated at myhost.com. The
mail gets held for approval and a message gets sent to foo at myhost.com
informing it that the message has been held (often times the subject line
is mentioned and contains lewd content which I'd rather not have sent out
to subscribers on foo at myhost.com). This is why I used the word 'indirect
spam'.
Couldn't mailman redirect bounce/moderation notifications in the case
where the FROM address is a mailman list and send it to the site/list
administrator instead (or maybe drop it completely??)? I think this would
avoid spamming the list subscribers while adding a minor load to the
administrator's work.
Does mailman 2.1.x already do this? If not, would this break something in
mailman? Is it unreasonably restrictive on the site/list administrator(s)?
I'm running 2.0.x (debian stable iirc)
Thanks,
-Matt Helsley
More information about the Mailman-Developers
mailing list