[Mailman-Users] non-subscriber managed to post to a subscriberonly list
Steve Lindemann
steve at marmot.org
Mon Jan 26 22:56:47 CET 2009
Mark Sapiro wrote:
> Steve Lindemann wrote:
>> Lindsay Haisley wrote:
>>> Is it possible that the list mod or admin password got out? I believe
>>> than anyone can post to a moderated list by putting an "Approved:
>>> <password>" header or pseudo-header in a post.
>>
>> I'm on one of the lists that accepted the message (which is how it came
>> to my attention) and I just rechecked the message header and didn't see
>> anything resembling that... would mailman remove it from the header for
>> final delivery to the list members? Regardless, I'll see to getting
>> passwords changed, thanks.
>
> Yes, any Approve: or Approved: header will be removed from the post
> whether or not the password is valid.
>
duh... I should have known, that only makes sense. Sounds like the
Approve: or Approved header is a likely candidate. Getting those
passwords fixed now. Thanks.
--
Steve Lindemann __
Network Administrator //\\ ASCII Ribbon Campaign
Marmot Library Network, Inc. \\// against HTML/RTF email,
http://www.marmot.org //\\ vCards & M$ attachments
+1.970.242.3331 x116
More information about the Mailman-Users
mailing list