[Mailman-Users] Non-subscribers defeating the generic non-member action

Robert Boyd Skipper robert at skipperweb.org
Sun Jul 5 19:19:48 CEST 2009


I've been running lists for years, and the filtering has been pretty 
good at blocking posts from non-members.  But recently, there have been 
some leaks, allowing non-member spammers to slip a message onto the 
list.  The first time this happened, it turned out to be due to 
non-alphanumeric characters at the beginning of email addresses in the 
From: field.  So, I made a regex filter that put a stop to that.   But 
now, it has happened again, and I can't see anything unusual about the 
emails.  Has anyone else noticed this happening? 

One of those emails that say "Can't see images? Click here!" got 
through.  The subject line reads, "[test] Dear test at mydomain.org 
Shopping just got a lot    easier!"  (I've substituted dummy names for 
real ones.)  Where you see four spaces in the Subject line, there 
instead appeared a small circle.  The From: field had the name "Doctor 
Joe Smith," but on mouseover, it said "test at mydomain.org."  Now I've had 
many hundreds of emails that spoofed the name of my list in the past.  
And the program always caught them.  This one got through.  Doctor Joe 
Smith is not a subscriber and his name does not appear in any of the 
non-member filters. 

I've blocked anything that claims to come from "test\@.*" and that seems 
to have stopped it, but I don't think the spoofing explains the problem, 
since Mailman had previously blocked about ten posts per day that 
spoofed the listname.  It could be that I've never seen the combination 
of a person's name and the listname in the From: field.  I just don't 
remember. 

Any thoughts?  I saved the email. 

Skipper


