[Mailman-Developers] Mailing lists exploited
Barry Warsaw
barry at list.org
Mon May 15 18:19:09 EDT 2017
On May 15, 2017, at 11:03 AM, Mark Sapiro wrote:
>It's not done in Mailman 3.
>
>For mailman 2.1, the administrator email addresses are a mailto: link the
>goes to the LISTNAME-owner address, but the email addresses are exposed and
>only mildly obfuscated ('@' -> ' at ').
>
>I would consider adding a configuration option to either obfuscate the
>addresses further (e.g. drop the domain entirely) or replace the text with
>something like "Listname list run by listname-owner at example.com".
I'm a little confused by the OP. Is it:
1) A message to the posting address From: LISTNAME-owner at example.com is not
being moderated? I would expect it to be since that address is not a member
of the list.
2) Emailing To: LISTNAME-owner at example.com directly which would end up
spamming the list owners?
MM3 doesn't currently moderate messages sent to the list owners, but it
could. Messages to -owners flows through a different, shorter chain of rules
and pipeline, but I've always thought that that would be configurable.
-Barry
More information about the Mailman-Developers
mailing list