[Mailman-Users] Help stopping Virus sent to lists "from" my domain

Caleb Epstein cae at bklyn.org
Thu Mar 11 18:28:20 CET 2004


On Thu, Mar 11, 2004 at 11:59:50AM -0500, Caleb Epstein wrote:

> Here is a sample message:
> http://bklyn.org/~cae/mailman-stumper.txt

	OK, I've found out a little bit more about the exploit.  The
	message is sent with an envelope-from (I think that's the right
	term) of an actual list subscriber, one who has permission to
	post to the list, but the From: header is one of these made-up
	official addresses:

	From my mail server's logs (subscriber's address mangled):

2004-03-11 16:31:44 1B1T5z-0009zY-00 <= SUBSCRIBER at DOMAIN.COM H=(srr2) [192.168.100.17] P=smtp S=17730 id=pbecvykwgcgqjemyxjx at Etree.org from <SUBSCRIBER at DOMAIN.COM> for Announce at etree.org

	From mailman's "post" log:

Mar 11 16:32:20 2004 (98296) post to announce from management at etree.org, size=2189, message-id=<pbecvykwgcgqjemyxjx at Etree.org>, success

	Any suggestions on how to catch this forgery?

-- 
Caleb Epstein |  bklyn . org  |           BOFH excuse #260:
    cae at    | Brooklyn Dust |
bklyn dot org |   Bunny Mfg.  |           We're upgrading /dev/null
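
Added example, not part of the original post or of Mailman: one way to surface the mismatch described above is to join the MTA log and Mailman's "post" log on Message-ID and report posts where the envelope sender differs from the address Mailman logged. The log lines are constructed samples modelled on the two excerpts in the post (example.* placeholder addresses), and the function names are hypothetical.

```python
import re

# Constructed sample lines modelled on the two log excerpts in the post;
# all addresses are example.* placeholders, and the second pair is a normal post.
EXIM_LOG = """\
2004-03-11 16:31:44 1B1T5z-0009zY-00 <= subscriber@example.com H=(srr2) [192.168.100.17] P=smtp S=17730 id=pbecvykwgcgqjemyxjx@lists.example.org from <subscriber@example.com> for announce@lists.example.org
2004-03-11 16:40:02 1B1TDx-000A1b-00 <= alice@example.net H=(mx1) [192.168.100.20] P=smtp S=2044 id=legit0001@example.net from <alice@example.net> for announce@lists.example.org
"""
MAILMAN_POST_LOG = """\
Mar 11 16:32:20 2004 (98296) post to announce from management@lists.example.org, size=2189, message-id=<pbecvykwgcgqjemyxjx@lists.example.org>, success
Mar 11 16:40:31 2004 (98296) post to announce from alice@example.net, size=2044, message-id=<legit0001@example.net>, success
"""

# Exim arrival line: "<= envelope-sender ... id=Message-ID ..."
EXIM_RE = re.compile(r"^\S+ \S+ \S+ <= (?P<env>\S+) .*?\bid=(?P<mid>\S+)")
# Mailman post log: "post to LIST from ADDRESS, size=N, message-id=<ID>, ..."
POST_RE = re.compile(
    r"post to (?P<list>\S+) from (?P<addr>[^,]+), size=\d+, message-id=<(?P<mid>[^>]+)>")


def envelope_senders(exim_log):
    """Map Message-ID -> envelope sender, taken from Exim '<=' arrival lines."""
    senders = {}
    for line in exim_log.splitlines():
        m = EXIM_RE.match(line)
        if m:
            senders[m["mid"].lower()] = m["env"].lower()
    return senders


def find_mismatches(exim_log, post_log):
    """Return posts whose Mailman-logged poster differs from the envelope sender."""
    senders = envelope_senders(exim_log)
    hits = []
    for line in post_log.splitlines():
        m = POST_RE.search(line)
        if not m:
            continue
        env = senders.get(m["mid"].lower())
        addr = m["addr"].strip().lower()
        if env is not None and env != addr:  # unknown IDs are skipped, not flagged
            hits.append({"list": m["list"], "message_id": m["mid"],
                         "envelope_from": env, "logged_from": addr})
    return hits


if __name__ == "__main__":
    for hit in find_mismatches(EXIM_LOG, MAILMAN_POST_LOG):
        print(hit)
```

Legitimate mail can also show a mismatch (forwarders, role addresses), so a hit is a reason to hold the post for moderation rather than proof of forgery.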



