[Mailman-Users] Non-subscribers defeating the generic non-member action
Mark Sapiro
mark at msapiro.net
Mon Jul 6 16:53:18 CEST 2009
Robert Boyd Skipper wrote:
>
> I've been running lists for years, and the filtering has been pretty
> good at blocking posts from non-members. But recently, there have been
> some leaks, allowing non-member spammers to slip a message onto the
> list. The first time this happened, it turned out to be due to
> non-alphanumeric characters at the beginning of email addresses in the
> From: field.
I don't know why non-alphanumeric characters in the address would by
themselves cause a non-member post to be accepted.
> So, I made a regex filter that put a stop to that. But
> now, it has happened again, and I can't see anything unusual about the
> emails. Has anyone else noticed this happening?
>
> One of those emails that say "Can't see images? Click here!" got
> through. The subject line reads, "[test] Dear test at mydomain.org
> Shopping just got a lot easier!" (I've substituted dummy names for
> real ones.) Where you see four spaces in the Subject line, there
> instead appeared a small circle.
The Subject: header has nothing to do with whether or not the post is
accepted.
> The From: field had the name "Doctor
> Joe Smith," but on mouseover, it said "test at mydomain.org." Now I've had
> many hundreds of emails that spoofed the name of my list in the past.
> And the program always caught them. This one got through. Doctor Joe
> Smith is not a subscriber and his name does not appear in any of the
> non-member filters.
The "real name" in the From: header also has nothing to do with it.
> I've blocked anything that claims to come from "test\@.*" and that seems
> to have stopped it, but I don't think the spoofing explains the problem,
> since mailman had previously blocked about ten posts per day that
> spoofed the listname. It could be that I've never seen the combination
> of a person's name and the listname in the From: field. I just don't
> remember.
By default (this can be changed in mm_cfg.py but normally isn't), Mailman
looks at the addresses in From:, Reply-To: and Sender: headers and the
envelope sender address to determine if the post is "from" a list member.
> Any thought? I saved the email.
The mail received from the list will not reflect the original envelope
sender or Sender: header and may not reflect the original Reply-To:. Thus
it is not completely useful in diagnosing this. If you have access to the
archives/private/LIST.mbox/List.mbox file, the message archived there will
have the original Sender: if any and may have a Return-Path: header
indicating the original envelope sender.
How are you "blocking" mail from "test\@.*"?
What if anything is in the list's accept_these_nonmembers?
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list