[Mailman-Users] List limited to subscribers hit with virus from non-subscriber

texas critter texascritter at ditb.net
Sat Apr 17 01:54:46 CEST 2004


SML wrote:

> I'm trying to understand why a post from a non-subscriber (as per the
> from address) would have been sent through, when all other posts by
> non-subscribers are held for moderation.

I had this same thing happen a couple months ago and a little investigation
turned up the fact that Mailman checks several fields for member email
addresses for posting privileges.  Mailman looks at not just the From
field, but also the Envelope-From field (which is then removed when the
message is distributed to the list).

The virus gets thru by forging the Envelope-From with a (random) address
plucked from the infected computer and then it puts a different address in
the From field that's visible when Mailman distributes the message to the
list.  The Envelope-From address is a valid list member address and that's
how it gets thru to the list.

That's the Beagle.C virus that you got, it's the same one that hit the
largest list I host, over 1,200 people, so I got swamped with people asking
what they needed to verify to keep their email account.  arrgghh.

To prevent this from happening again, I edited my mm_cfg.py file to add
this line:

# Trailing comma makes this a one-element tuple; ('from') is just the string 'from'.
SENDER_HEADERS = ('from',)

which restricts Mailman to looking *only* at the From field for checking
posting privileges.

This will not prohibit all viruses. If a virus puts a list member's email
address in the From field and the right list address in the To field, and
the list member isn't moderated, then the virus will go thru to the list,
but this will stop the Beagle.C virus getting thru to your lists.

hth,
texas critter

--
EL-M FAQ: http://www.emaillist-managers.com/
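
Added example (not part of the original post and not Mailman's own code): a simplified Python model of the sender check described above, showing how a message whose envelope sender is a member passes when several headers are consulted, and what a SENDER_HEADERS value written without the trailing comma does. The roster, addresses and function names are constructed for illustration, and None standing for the envelope sender is this model's convention.

```python
from email import message_from_string
from email.utils import getaddresses

MEMBERS = {"alice@example.org"}  # constructed membership roster

# Constructed message: envelope sender is a member, visible From is not.
RAW = (
    "From alice@example.org Sat Apr 17 01:00:00 2004\n"
    "From: stranger@example.net\n"
    "To: list@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def candidate_senders(msg, headers):
    """Collect lowercased addresses from each configured header.

    A None entry stands for the envelope sender (the mbox "From " line);
    that convention is an assumption of this model.
    """
    found = []
    for h in headers:
        if h is None:
            parts = (msg.get_unixfrom() or "").split()
            if len(parts) > 1:
                found.append(parts[1].lower())
        else:
            values = msg.get_all(h, [])
            found += [addr.lower() for _, addr in getaddresses(values) if addr]
    return found

def disposition(raw, headers):
    """Return 'accept' if any candidate sender is a member, else 'hold'."""
    msg = message_from_string(raw)
    senders = candidate_senders(msg, headers)
    return "accept" if any(s in MEMBERS for s in senders) else "hold"

if __name__ == "__main__":
    # Several headers consulted: the member envelope sender is enough.
    print(disposition(RAW, ("from", None, "sender")))  # accept
    # Only the visible From header consulted: non-member, so held.
    print(disposition(RAW, ("from",)))                 # hold
    # ('from') is a plain string, so the loop walks 'f','r','o','m'
    # and finds no header at all.
    print(candidate_senders(message_from_string(RAW), ("from")))  # []
```

With the string form ('from') every post is held in this model, including a genuine member's, because no header name ever matches.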