[Mailman-Users] non-subscriber managed to post to a subscriberonly list

[Steve Lindemann]

Mark Sapiro wrote:
> Steve Lindemann wrote:
>> Lindsay Haisley wrote:
>>> Is it possible that the list mod or admin password got out?  I believe
>>> than anyone can post to a moderated list by putting an "Approved:
>>> <password>" header or pseudo-header in a post.
 >>
>> I'm on one of the lists that accepted the message (which is how it came 
>> to my attention) and I just rechecked the message header and didn't see 
>> anything resembling that...  would mailman remove it from the header for 
>> final delivery to the list members?  Regardless, I'll see to getting 
>> passwords changed, thanks.
> 
> Yes, any Approve: or Approved: header will be removed from the post
> whether or not the password is valid.
> 

duh... I should have known, that only makes sense.  Sounds like the 
Approve: or Approved header is a likely candidate.  Getting those 
passwords fixed now.  Thanks.
--
Steve Lindemann                         __
Network Administrator                  //\\  ASCII Ribbon Campaign
Marmot Library Network, Inc.           \\//  against HTML/RTF email,
http://www.marmot.org                  //\\  vCards & M$ attachments
+1.970.242.3331 x116