[Mailman-Users] List limited to subscribers hit with virus from non-subscriber

SML parallax at lafn.org
Sat Apr 17 01:46:44 CEST 2004 

I have a list in which posting is limited to list subscribers only. One
of the list members was hit with a virus and forwarded a post with virus
attachment to the list. 

I'm trying to understand why a post from a non-subscriber (as per the
from address) would have been sent through, when all other posts by
non-subscribers are held for moderation.

I'm no expert by any means, but it looks as if the message ID field was
inserted into the from field. Would this have caused mailman to allow
this post to the list instead of holding it for moderation as a post by
a non-subscriber? 

Many thanks in advance for any help or enlightment you can provide.

/SML



Below are the log entries created by the problem post 
(domain XXXXX'ed) 

-----------------------------------------------------

bounce:Apr 15 11:01:08 2004 (3512) bounce message w/no discernable    
     addresses: <hmebblxdfidyjjljdtk at XXXXX.org>

bounce:Apr 15 11:01:08 2004 (3512) forwarding unrecognized, message-id: 
     <hmebblxdfidyjjljdtk at XXXXX.org>

post:Apr 15 11:00:41 2004 (3521) post to lamp-user_maillist.lampsig.org 
     from management at XXXXXX.org, size=34876, 
     message-id=<hmebblxdfidyjjljdtk at XXXXX.org>, success

smtp:Apr 15 11:00:41 2004 (3521)
     <hmebblxdfidyjjljdtk at XXXXX.org> 
     smtp for 42 recips, completed in 0.756 seconds




Here are the headers from the post containing the virus Note that the
headers state the the post is from 'management at XXXXX.org' but the log
list the message ID as the from address

-------------------------------------------------------

Received: from XXXXX (XXXXX [IP])
        by XXXXX (8.8.8/8.8.8) with ESMTP id IAA04485
        for <XXXXX>; Thu, 15 Apr 2004 08:01:12 -0700 (PDT)
        (envelope-from LISTNAME-bounces at XXXXX)
Received: from localhost ([127.0.0.1] helo=XXXXX)
        by XXXXX with esmtp (Exim 4.24)
        id 1BE8M5-0002pn-Cu; Thu, 15 Apr 2004 11:00:41 -0400
Received: from [IP] (helo=XXXXX)
        by XXXXX with smtp (Exim 4.24) id 1BE8M0-0002pS-N2
        for LISTNAME at XXXXX; Thu, 15 Apr 2004 11:00:37 -0400
Date: Thu, 15 Apr 2004 08:04:39 -0800
To: LISTNAME at XXXXX.org
From: management at XXXXXX.org
Message-ID: <hmebblxdfidyjjljdtk at maillist.XXXXX.org>

More information about the Mailman-Users mailing list