[Mailman-Users] mailman and email harvesters
Matthew Clarkson
matt at mail.netera.ca
Fri Mar 31 21:30:02 CEST 2006
Mark Sapiro wrote:
> Matthew Clarkson wrote:
>
>
>> We have switched half (about 15 so far) of our mailing lists from our
>> majordomo server (with a hypermail based archiving system) to our new
>> mailman server. I have just been notified by my boss that since the
>> start of the switchover (3 weeks ago) he and a few other people have had
>> a dramatic increase in spam based activity on their email accounts.
>>
>
>
> Have they posted, or are they just members?
>
>
They have all posted.
>> I
>> checked to make sure my robots.txt on the webserver root was fine with
>> the following entries
>>
>> User-agent: *
>> Disallow: /pipermail/
>>
>
>
> Do you really think any spambot is going to honor a robots.txt file?
>
>
I was aware that this is quite weak, but I knew that if I didn't mention
it, it would have come up on the response to the initial email.
> If you have public archives, at a minimum you need
>
> ARCHIVER_OBSCURES_EMAILADDRS = Yes
>
> This is the default, but have you turned it off in mm_cfg.py? I'm not
> sure how effective the obfuscation is, but it's probably better than
> 'in the clear' addresses.
>
>
This is set to obscure addresses (I have not changed any setting, either
globally or list specific) to change this setting.
>> Also, I verified that all my lists private_roster settings were set to
>> List members.
>>
>> Can anyone else think of, if it is mailman that is the culprit here, any
>> settings or ways that email harvesters could grab email addresses from a
>> mailman server?
>>
>
>
> Can a spammer subscribe to your list and get the roster and then
> unsubscribe? I don't know if spammers are sophisticated enough to do
> this automatically, and I doubt they do it manually, but it is a
> possibility unless subscription requires approval or the roster is
> limited to admins.
>
Yes, this could happen with most of our lists, but I would find it hard
to believe (not that it is still not possible) that a spammer would
spend his time on doing this for our relatively small (member wise)
lists, especially as soon as we put our mailing lists up on mailman
(less than a month ago), this was the setting on our majordomo server
for the last 3 years and we did not have this problem at all.
I mostly just wanted to verify with the original email I sent, that
there wasn't a blatant setting I was overlooking which would lead to
this. I am thinking that it's not mailman, but probably another way
that these harvesters are getting these email addresses.
Thank you very much for your insight and help into this, Mark. I (and I'm
sure many others) appreciate all the help you give this list.
--
Matthew Clarkson
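
The settings discussed in this thread can be checked per list from a `config_list -o` dump. The following is an added example, not part of the original message or Mailman's own code. It assumes a Mailman 2.1 dump that parses as Python 3 and uses the list attributes `archive_private` and `subscribe_policy` (not named in the thread) alongside `private_roster`; the finding codes and sample dumps are constructed.

```python
import ast

def parse_dump(text):
    """Read NAME = literal assignments from a dump without executing it."""
    settings = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # not a plain literal, skip it
    return settings

def audit(settings):
    """Return finding codes for the address-exposure paths raised in the thread."""
    findings = []
    roster = settings.get("private_roster")    # 0 anyone, 1 list members, 2 admins only
    policy = settings.get("subscribe_policy")  # 2 and 3 require moderator approval
    if settings.get("archive_private") == 0:
        # Public archive: protection rests on ARCHIVER_OBSCURES_EMAILADDRS in mm_cfg.py
        findings.append("PUBLIC_ARCHIVE")
    if roster == 0:
        findings.append("ROSTER_OPEN_TO_ANYONE")
    elif roster == 1 and policy not in (2, 3):
        # Subscribe, read the roster, unsubscribe; a missing policy counts as exposed
        findings.append("ROSTER_VIA_SELF_SUBSCRIBE")
    return findings

# Constructed dump matching the configuration described in the thread
SAMPLE_DUMP = """
# -*- python -*-
real_name = 'example-list'
archive_private = 0
private_roster = 1
subscribe_policy = 1
"""

# Same list with a private archive and an admin-only roster
HARDENED_DUMP = (SAMPLE_DUMP
                 .replace("archive_private = 0", "archive_private = 1")
                 .replace("private_roster = 1", "private_roster = 2"))

if __name__ == "__main__":
    print(audit(parse_dump(SAMPLE_DUMP)))
    print(audit(parse_dump(HARDENED_DUMP)))
```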