[Mailman-Users] non-subscriber managed to post to a subscriber only list
Lindsay Haisley
fmouse-mailman at fmp.com
Mon Jan 26 22:42:31 CET 2009
On Mon, 2009-01-26 at 14:34 -0700, Steve Lindemann wrote:
> Lindsay Haisley wrote:
> > Is it possible that the list mod or admin password got out? I believe
> > that anyone can post to a moderated list by putting an "Approved:
> > <password>" header or pseudo-header in a post.
>
> I'm on one of the lists that accepted the message (which is how it came
> to my attention) and I just rechecked the message header and didn't see
> anything resembling that... would mailman remove it from the header for
> final delivery to the list members?

Yes, absolutely. Not only in the text/plain part but in every part of a
multipart message in which it occurs. Otherwise it would be the
equivalent of serving up your list security on a silver platter to the
world and passing out carving knives :(

> Regardless, I'll see to getting
> passwords changed, thanks.

Good idea. Check your full headers on these posts. Mark's note is
probably relevant here.
--
Lindsay Haisley | "The difference between | PGP public key
FMP Computer Services | a duck is because one | available at
512-259-1190 | leg is both the same" | http://pubkeys.fmp.com
http://www.fmp.com | - Anonymous |
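
Added example (not part of the original post and not Mailman's own code): a sketch of the stripping behaviour described above, applied to a raw inbound message captured before list processing. It reports where an Approved: password was supplied and removes it from the header and from every text part. The names PSEUDO, SAMPLE, find_secret and sanitize, the sample message and its password are all constructed for illustration.

```python
import re
from email import message_from_string, policy

# Pseudo-header: first non-blank body line of the form "Approved: <password>"
PSEUDO = re.compile(r"^\s*Approved\s*:\s*(\S+)\s*$", re.IGNORECASE)

# Constructed sample: a multipart post carrying the password in both parts
SAMPLE = """\
From: outsider@example.org
To: list@example.org
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Approved: CONSTRUCTED-PW
Hello list.
--b1
Content-Type: text/html; charset="us-ascii"

<p>Approved: CONSTRUCTED-PW<br>
Hello list.</p>
--b1--
"""

def find_secret(msg):
    """Return (value, where) for an Approved: header or pseudo-header."""
    if msg["Approved"] is not None:
        return str(msg["Approved"]).strip(), "header"
    for part in msg.walk():
        if part.get_content_type() == "text/plain":  # first text/plain part only
            first = next((l for l in part.get_content().splitlines() if l.strip()), "")
            m = PSEUDO.match(first)
            return (m.group(1), "pseudo-header") if m else (None, None)
    return None, None

def sanitize(raw):
    """Return (clean_message, where_found); the password itself is not returned."""
    msg = message_from_string(raw, policy=policy.default)
    secret, where = find_secret(msg)
    if secret is None:
        return msg, None
    del msg["Approved"]  # no error if the real header is absent
    leak = re.compile(r"(?i:Approved)\s*:\s*" + re.escape(secret))
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text = part.get_content()
            if leak.search(text):  # rewrite only parts that carry the password
                part.set_content(leak.sub("", text), subtype=part.get_content_subtype())
    return msg, where
```

Logging the returned location for each inbound post gives a record of password-approved postings that the delivered copies can no longer show.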