[Mailman-Users] my mailman has been hacked !!

[Mark Sapiro]

Khalil Abbas wrote:
>
>First, posting to the list using Approved: header as the first line of the message body did not work becasue I'm sending formatted messages using Microsoft outlook with tables n stuff ..


If you post a multipart/alternative message with a text/plain and a
text/html part, the first line Approved: header should work although
its removal from the HTML part isn't 100% guaranteed.

Also, I can';t tell you how to do it in MS Outlook, but many MUAs have
a mechanism for adding true headers to the mail.

Try <http://www.google.com/#q=add+custom+header+outlook>


>Second, I tried the following: keep an email address as non moderated to be able to post to the list and in General options, I turned the option : 
>
> 
>
>Hide the sender of a message, replacing it with the list address  = YES
>
> 
>
>this way hackers n spammers won't know which address is allowed to post but now the subscribers are recieving From: listname at mydomain.com and not from: 'My web site's Name' which is annoying.. 


And it won't stop the spammers anyway. The spammers may have just been
lucky in spoofing your address, and even if you assume the got your
list address and posting address from spyware on one of your member's
computers, they have it.


>Third, I can't afford to turn everyone's moderation bit on even my own address and then approve the messages using the web interface for 2 reasons:
>
> 
>
>1- I have 7 lists which is a real pain to log into each one of them and approve the messages..
>
>2- I'm afraid to approve one of the tens of spam and members messages by mistake ..
>
> 
>
>what's the advice??


We gave you the advice. Post with an Approved: header or an Approved:
first line in a multipart/alternative message. You can do it.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan