[Mailman-Users] Non-subscribers defeating the generic non-member action
Robert Boyd Skipper
robert at skipperweb.org
Sun Jul 5 19:19:48 CEST 2009
I've been running lists for years, and the filtering has been pretty
good at blocking posts from non-members. But recently, there have been
some leaks, allowing non-member spammers to slip a message onto the
list. The first time this happened, it turned out to be due to
non-alphanumeric characters at the beginning of email addresses in the
From: field. So, I made a regex filter that put a stop to that. But
now, it has happened again, and I can't see anything unusual about the
emails. Has anyone else noticed this happening?
One of those emails that say "Can't see images? Click here!" got
through. The subject line reads, "[test] Dear test at mydomain.org
Shopping just got a lot easier!" (I've substituted dummy names for
real ones.) Where you see four spaces in the Subject line, there
instead appeared a small circle. The From: field had the name "Doctor
Joe Smith," but on mouseover, it said "test at mydomain.org." Now I've had
many hundreds of emails that spoofed the name of my list in the past.
And the program always caught them. This one got through. Doctor Joe
Smith is not a subscriber and his name does not appear in any of the
non-member filters.
I've blocked anything that claims to come from "test\@.*" and that seems
to have stopped it, but I don't think the spoofing explains the problem,
since Mailman had previously blocked about ten posts per day that
spoofed the listname. It could be that I've never seen the combination
of a person's name and the listname in the From: field. I just don't
remember.
Any thoughts? I saved the email.
Skipper
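
Added example, not part of the original post and not Mailman code: a Python script that lists every sender address in a saved message and flags the two patterns described above (leading non-alphanumeric characters, and an address equal to the list's own posting address). The sample message, the roster, the `AUDITED_HEADERS` name, and the choice to audit Sender: and Reply-To: alongside From: are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the post; every name and address is a dummy.
SAMPLE = """\
From: "Doctor Joe Smith" <test@mydomain.org>
Sender: <~bulk@sender.example>
To: test@mydomain.org
Subject: [test] Dear test at mydomain.org Shopping just got a lot easier!

Can't see images? Click here!
"""

# Assumption: the post only mentions From:, the other two are audited as well
# so every address the message presents as a sender can be compared to the roster.
AUDITED_HEADERS = ("From", "Sender", "Reply-To")


def audit_senders(raw, list_address, members):
    """Return one finding dict per address found in the audited headers."""
    msg = message_from_string(raw)
    roster = {m.lower() for m in members}
    findings = []
    for header in AUDITED_HEADERS:
        for name, addr in getaddresses(msg.get_all(header, [])):
            addr = addr.strip().lower()
            if not addr:
                continue
            flags = []
            # First leak described in the post: address starts with a
            # character that is not a letter or digit.
            if not re.match(r"[a-z0-9]", addr):
                flags.append("leading-non-alphanumeric")
            # Second leak: display name of a person, address of the list itself.
            if addr == list_address.lower():
                flags.append("claims-list-address")
            if addr not in roster:
                flags.append("non-member")
            findings.append(
                {"header": header, "name": name, "addr": addr, "flags": flags}
            )
    return findings


if __name__ == "__main__":
    for finding in audit_senders(SAMPLE, "test@mydomain.org", ["alice@example.org"]):
        print(finding)
```

Run against the saved message, any address that comes back without the `non-member` flag is one the roster would recognise, which is the first thing to rule out when a post slips past the non-member action.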