[Mailman-Users] Non-members seemingly able to post

Robert Boyd Skipper robert at skipperweb.org
Thu Feb 7 17:33:39 CET 2008


Mark:

Thanks again.  This is greatly helpful.  I'll look into all of these suggestions today. 
  It turns out that emails beginning with a hyphen also get through.  So I'm 
supplementing a filter for an initial underscore with a filter for an initial \W as 
well.  Until I know the exact parameter of the hole in mailman, I'd rather delay some 
legitimate posts than let through any more spam.

Skipper




Mark Sapiro wrote:
> Robert Boyd Skipper wrote:
>> Thank you for this information.  The headers don't seem to be the problem, as they 
>> contain non-member emails.  I don't have direct access to the mm_cfg.py file, and I 
>> can't find a user_envelope_sender in the web-based administration pages.  So I haven't 
>> checked into that.
> 
> 
> Here's something you can try. Since you don't have access to mm_cfg.py,
> I assume you don't have direct access to
> archives/private/listname.mbox/listname.mbox either, but you can get
> it from the web (if it's not too humongous) with a URL like
> <http://www.example.com/mailman/private/listname.mbox/listname.mbox>.
> If you find the message(s) there, the initial "From " line and the
> Return-Path:, if any, have the envelope sender. Then, the Reply-To:
> and Sender: if any will be as in the original post, assuming your list
> isn't anonymous and doesn't mung the Reply-To:
> 
> 
>> However, I do have one more fact that may be relevant.  I just received another spam 
>> posting that got through.  It and the previous one both have emails that begin with an 
>> underscore: _pearl at absinth.com and _nlahtien at musikverein-altenhof.de
>> So, as a possible quick fix, I've set the Spam filter rule 1 to the following
>>
>> from: _.*@.*
>>
>> Maybe this will work?
> 
> 
> It should, assuming there's no 'real name' between From: and the
> address and the address isn't in <>. I would be inclined to try
> something along the lines of
> 
>   ^from:.*[ <]_[^<> ]+ at .*
> 
> If you give this rule a Hold action, then you can see the original held
> message with the original incoming headers intact. You will even see
> the presence of an Approved: header or body line if any, although this
> isn't likely to be the reason the message gets through as it requires
> the list's admin or moderator password.
> 

-- 
Robert Boyd Skipper
P.O. Box 593
Wimberley, TX 78676

