[Mailman-Users] Mail Lists, Authorized Posters and Virus/Worm Access
Lloyd Tennison
lloyd_tennison at whoever.com
Wed May 5 11:46:40 CEST 2004
Set the mm_cfg.py and see Default.py for this info:
# The envelope sender is set by the SMTP delivery and is thus less easily
# spoofed than the sender, which is typically just taken from the From: header
# and thus easily spoofed by the end-user. However, sometimes the envelope
# sender isn't set correctly and this will manifest itself by postings being
# held for approval even if they appear to come from a list member. If you
# are having this problem, set this variable to No, but understand that some
# spoofed messages may get through.
USE_ENVELOPE_SENDER = No  # MAKE YES!
This will help block some of your problem - unauthorized posts. The virus checker still goes.
----- Original Message ---------------
>From: Richard Barrett <r.barrett at openinfo.co.uk>
>Subject: Re: [Mailman-Users] Mail Lists,
> Authorized Posters and Virus/Worm Access
>Date: Wed, 5 May 2004 10:37:21 +0100
>To: Bob Bowers <b-bowers at cox.net>
>Cc: mailman-users at python.org
>
>On 5 May 2004, at 09:28, Bob Bowers wrote:
>
>> In my community last week, someone gained access to a mail list with
>> hundreds of subscribers by mimicking an email address authorized to
>> post to the list (moderation bit set OFF). In such a case, moderator
>> approval was not required. What resulted was that a worm of the
>> W32Beagle variety was sent to many hundreds of subscribers. I have
>> changed all my mail lists to require active moderation of all posts
>> (moderation bits are ON for all subscribers), and automatic rejection
>> of all posts from non-members.
>>
>> It appears that it was just a matter of time for someone with ill
>> intent to figure out that the "from" address in a message from a mail
>> list might represent access to the mail list for mischief. It would
>> not appear accidental that a virus or worm operating on some
>> unsuspecting individual's computer accidentally sent itself to the
>> posting address of a mail list as well as from an authorized email
>> address. It is more likely that it was deliberate.
>
>I doubt that the virus writer was targeting mailing lists in this
>considered fashion; to them, a mail alias is just a mail alias.
>
>I understand these virus types use the MUA address book on machines they
>infect as a source of mail addresses to send their progeny on to. One of
>your list's subscribers was probably the source of the infected message
>and your list's address just one of a number pillaged from that user's
>address book as destinations by a promiscuous virus.
>
>In my view, running effective virus (and spam) filtering on your
>incoming MTA is the secret of happiness. It keeps viruses away from
>both your lists' and your real users' mail aliases, and it means
>you do not have to moderate everything if the virus loaded messages are
>being silently dropped in the bit bucket by the MTA.
>
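An added illustration, not Mailman's code and not part of the original post, of the trade-off the quoted configuration comment describes: a simplified membership check keyed either on the From: header or on the SMTP envelope sender. The roster, addresses and function names are constructed for the example, and the envelope sender is assumed to be handed over by the MTA.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed roster: addresses allowed to post without moderation.
MEMBERS = {"alice@example.org", "bob@example.org"}

def posting_address(raw_message, envelope_sender, use_envelope_sender):
    """Pick the address the membership check is keyed on."""
    if use_envelope_sender:
        candidate = envelope_sender  # SMTP MAIL FROM, as passed on by the MTA
    else:
        candidate = message_from_string(raw_message).get("From", "")
    return parseaddr(candidate)[1].lower()

def disposition(raw_message, envelope_sender, use_envelope_sender):
    """Return 'accept' for a list member, 'hold' for anyone else."""
    addr = posting_address(raw_message, envelope_sender, use_envelope_sender)
    return "accept" if addr in MEMBERS else "hold"

# Constructed cases: (label, envelope sender, raw message).
CASES = [
    ("member, envelope matches", "alice@example.org",
     "From: Alice <alice@example.org>\nSubject: agenda\n\nhello\n"),
    ("From: forged as a member", "unknown-host@example.net",
     "From: Alice <alice@example.org>\nSubject: document\n\nsee attachment\n"),
    ("member, envelope rewritten by a relay", "bounce-17@relay.example.com",
     "From: Bob <bob@example.org>\nSubject: minutes\n\nattached\n"),
]

def compare():
    """Map each case label to (result by From: header, result by envelope sender)."""
    return {label: (disposition(raw, env, False), disposition(raw, env, True))
            for label, env, raw in CASES}

if __name__ == "__main__":
    for label, (by_from, by_env) in compare().items():
        print(f"{label:40} From:={by_from:7} envelope={by_env}")
```

The third case is the false hold the configuration comment warns about: a genuine member is held because the envelope sender no longer matches the subscribed address.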