[Mailman-Users] non-subscriber managed to post to a subscriber only list

Lindsay Haisley fmouse-mailman at fmp.com
Mon Jan 26 23:13:30 CET 2009


On Mon, 2009-01-26 at 16:03 -0600, Barry Finkel wrote:
> We had a case last week when someone sent mail with a spoofed
> 
>      "From: ...."
> 
> line that contained the e-mail address of the list owner.

Unless the list owner is also a subscriber with his/her mod flag turned
off, the fact that something is posted from an owner or moderator
address carries no weight with Mailman.  I have to deal with this all
the time with distribution-only lists which have everyone's moderator
flag turned off, and the customer gets a new mail admin staffer who
doesn't understand how to use the list, and even though they're listed
as list owner they can't post until they subscribe and unset their mod
flag (or use an Approved: pseudo-header).

Extreme paranoia is the ideal starting point for good Internet
security. 

-- 
Lindsay Haisley       | "In an open world,    |     PGP public key
FMP Computer Services |    who needs Windows  |      available at
512-259-1190          |      or Gates"        | http://pubkeys.fmp.com
http://www.fmp.com    |                       |
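
A simplified model of the posting rule described in this message, added here as an illustration; it is not Mailman's code and not from the poster. It assumes non-member posts are held and that the Approved: header carries the list's admin password; the class, function names, addresses and password are all constructed.

```python
# Simplified model of the posting decision described above (not Mailman source).
import hmac
from email import message_from_string
from email.utils import parseaddr


class ListConfig:
    def __init__(self, owners, members, admin_password):
        self.owners = {o.lower() for o in owners}
        # members maps address -> moderation flag (True = posts are held)
        self.members = {a.lower(): mod for a, mod in members.items()}
        self.admin_password = admin_password


def posting_decision(cfg, raw_message):
    msg = message_from_string(raw_message)
    # Assumption: an Approved: header with the list password bypasses moderation.
    approved = msg.get("Approved")
    if approved is not None and hmac.compare_digest(
            approved.strip().encode(), cfg.admin_password.encode()):
        return "accept"
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Owner status is never consulted: only membership and the mod flag count.
    if sender not in cfg.members:
        return "hold"  # non-member, which includes an unsubscribed owner
    return "hold" if cfg.members[sender] else "accept"


def audit(cfg):
    """Return (owners who cannot post, addresses accepted on From: alone)."""
    blocked_owners = sorted(o for o in cfg.owners if cfg.members.get(o, True))
    from_only = sorted(a for a, mod in cfg.members.items() if not mod)
    return blocked_owners, from_only


# Constructed sample list: one subscribed owner, one owner who never subscribed.
SAMPLE_CFG = ListConfig(
    owners=["owner@example.org", "newadmin@example.org"],
    members={"owner@example.org": False, "reader@example.org": True},
    admin_password="constructed-secret",
)


def make_msg(from_addr, approved=None):
    head = f"From: {from_addr}\n"
    if approved is not None:
        head = f"Approved: {approved}\n" + head
    return head + "Subject: test\n\nbody\n"
```

The second list returned by `audit` is the set of addresses whose posts are accepted on the strength of the From: line alone, which is the set worth keeping small on a distribution-only list.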



