[Mailman-Users] Spoofed Addresses

David Relson relson at osagesoftware.com
Sat Oct 30 21:06:01 CEST 2004 

On Sat, 30 Oct 2004 14:56:40 +0200
Brad Knowles wrote:

> At 10:11 PM -0400 2004-10-29, David Relson wrote:
> 
> >  My mail handling environment is composed of postfix, procmail,
> >  bogofilter, and mailman.  All incoming messages are _supposed_ to
> >  be processed by bogofilter, which adds a spam/ham tag to the
> >  message header.  Messages to "mydomain.com" have the tags, but
> >  messages to"mylists.org" do not (as confirmed by looking at *.pck
> >  in held-msgs). Can you point me towards a FAQ, HOWTO, or other
> >  document which might shed light on why this is so?
> 
> 	That sounds like a bogofilter question, which you should be
> 	using 
> bogofilter resources to try to answer -- like their mailing lists, 
> newsgroups, etc....  I doubt that the Mailman-users mailing list is 
> going to be very useful in trying to answer bogofilter questions.
> 
> 	That said, if you want to keep from having your own address 
> spoofed, I imagine you could add some bogofilter rules that look 
> through the headers and increase or decrease the score depending on 
> whether it appears that the message is originating from your machine 
> and claims to have your address on it, or if the message originates 
> from somewhere else but has your address.

Brad,

Actually it's more of a mailman setup question, as in "why don't mailing
list messages go through procmail (which handle bogofilter and other
such stuff)?" and "how do I set up mailman in a postfix environment so
that filters, for example virus checkers, get run to protect the list
from propagating bad stuff, e.g. viruses.

Due to limited time, I've only answered part of the question so far ---

I've learned that /var/lib/mailman/data/aliases (generated by Mailman)
has entries like:

bogofilter:        "|/usr/lib/mailman/mail/mailman post bogofilter"
bogofilter-admin:  "|/usr/lib/mailman/mail/mailman admin bogofilter"

my next step is to look at the mailman code that generates this, see if
there are options for running additional filters, etc, etc.

By the way, being a bayesian filter, bogofilter doesn't have any rules.
Address validation is in the realm of procmail's capabilities and, at
the present time, that's not being run for mailing list messages.

Also, I'm not so much worried about having my own address spoofed as the
possibility that _any_ subscribers address can be spoofed with uncertain
consequences.  The spoofed address just happened to be mine, but the
same problem would have happened with any of several hundred other
addresses.

Thanks for all the work that's gone into mailman.  I  recognize what it
takes and _do_ appreciate what you've done.

Regards,

David

More information about the Mailman-Users mailing list