[Mailman-Users] Is there a security hole in Mailman?

Jon D. Slater Jon.Slater at LPBroadband.Net
Mon Feb 13 17:53:11 CET 2006 

Some are pretty generic ("board") while others are not
("DesignReviewCommittee").

> -----Original Message-----
> From: Patrick Bogen [mailto:pdbogen at gmail.com]
> Sent: Monday, February 13, 2006 9:46 AM
> To: Jon D. Slater
> Subject: Re: [Mailman-Users] Is there a security hole in Mailman?
> 
> Do your lists have reasonably common names? "announce" "staff" that
> sort of thing?
> Spammers don't care about bounced messages, so they might just be
> randomly guessing.
> 
> On 2/13/06, Jon D. Slater <Jon.Slater at lpbroadband.net> wrote:
> > > -----Original Message-----
> > > From: mailman-users-bounces+jon.slater=lpbroadband.net at python.org
> > > [mailto:mailman-users-bounces+jon.slater=lpbroadband.net at python.org]
> > > On Behalf Of Jeff Donsbach
> > > Sent: Sunday, February 12, 2006 10:10 AM
> > > To: mailman-users at python.org
> > > Subject: Re: [Mailman-Users] Is there a security hole in Mailman?
> > >
> > > On 2/12/06, Jon D. Slater <Jon.Slater at lpbroadband.net> wrote:
> > > > Hi All,
> > > >
> > > > Is there a security hole in Mailman?
> > > >
> > > >
> > > > How are the evil spammers harvesting my list names when they aren't
> > > > on
> > > the
> > > > 'listinfo' page?
> > > >
> > >
> > > >From the address book(s) of one or some of you subscribers infected
> > > with a virus/worm?
> > >
> > > >
> > > > And, more importantly, is there a way to prevent it?  (BTW, I'm also
> > > using
> > > > SPAM ASSASSIN and a lot of these SPAM messages still get through.)
> > > >
> > >
> > > Is your list set for "subscribers only" posting? Set your list to hold
> > > posts from non-members for moderation.
> > >
> > > Keep feeding the spam messages to "sa-learn".
> > >
> > > Jeff D
> >
> > I'm already doing that.  My complaint is that I have to go in and
> manually
> > reject or ignore these messages.
> >
> > How are they getting my list names in the first place?
> >
> > I don't believe this is an issue where an individual user may have been
> > compromised, because no single user accesses all the groups on all of
> the
> > servers.
> >
> > Jon
> >
> > ------------------------------------------------------
> > Mailman-Users mailing list
> > Mailman-Users at python.org
> > http://mail.python.org/mailman/listinfo/mailman-users
> > Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
> > Searchable Archives: http://www.mail-archive.com/mailman-
> users%40python.org/
> > Unsubscribe: http://mail.python.org/mailman/options/mailman-
> users/pdbogen%40gmail.com
> >
> > Security Policy: http://www.python.org/cgi-bin/faqw-
> mm.py?req=show&amp;file=faq01.027.htp
> >
> 
> 
> --
> - Patrick Bogen
> 
> 
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.375 / Virus Database: 267.15.6/258 - Release Date: 2/13/2006

More information about the Mailman-Users mailing list