[Mailman-Users] Help stopping Virus sent to lists "from" my domain
ted
ted at ire.org
Thu Mar 11 18:50:25 CET 2004
Calab,
I just posted a bug ticket for this problem. You are the 3rd or 4th
person, including me, to have reported this to mailman-users
recently. The bug ticket is here:
http://sourceforge.net/tracker/?group_id=103&atid=100103
Please add your comments to the item so the developers take this
seriously. If you don't have a SourceForge account, you can create one
here: http://sourceforge.net/account/register.php
Thanks.
--Ted
On Thu, 11 Mar 2004, Caleb Epstein wrote:
> On Thu, Mar 11, 2004 at 11:59:50AM -0500, Caleb Epstein wrote:
>
> > Here is a sample message:
> > http://bklyn.org/~cae/mailman-stumper.txt
>
> OK, I've found out a little bit more about the exploit. The
> message is sent with an envelope-from (I think thats the right
> term) of an actual list subscriber, one who has permission to
> post to the list, but the From: header is one of these made-up
> official addresss:
>
> From my mail server's logs (subscriber's address mangled):
>
> 2004-03-11 16:31:44 1B1T5z-0009zY-00 <= SUBSCRIBER at DOMAIN.COM H=(srr2) [192.168.100.17] P=smtp S=17730 id=pbecvykwgcgqjemyxjx at Etree.org from <SUBSCRIBER at DOMAIN.COM> for Announce at etree.org
>
> From mailman's "post" log:
>
> Mar 11 16:32:20 2004 (98296) post to announce from management at etree.org, size=2189, message-id=<pbecvykwgcgqjemyxjx at Etree.org>, success
>
> Any suggestions on how to catch this forgery?
>
>
More information about the Mailman-Users
mailing list