[Mailman-Users] Recent phishing mails are targeting mailing-lists -- and do pass
Mark Sapiro
mark at msapiro.net
Tue Sep 26 00:31:05 EDT 2017
On 09/25/2017 03:49 AM, Ralf Hildebrandt wrote:
> Recent phishing mails are targeting mailing-lists -- and do pass.
>
> From our logs:
> Sep 25 12:10:41 2017 (1940) post to rundmail-it from sabishi.meister at charite.de, size=4760, message-id=<486320030245.201792592050 at charite.de>, success
>
> But the headers of the mail that was automatically passed (since
> sabishi.meister at charite.de is a member) was:
>
> From: "Sabishi.Meister@" <charite.de events at tryphotels.ae>
A post is considered to be from a list member if any of the headers in
the Defaults.py/mm_cfg.py SENDER_HEADERS setting contains a member
address. The default setting is
SENDER_HEADERS = ('from', None, 'reply-to', 'sender')
(None means the envelope sender). Assuming you have the default setting,
the sabishi.meister at charite.de address was either the envelope sender or
in Reply-To: or Sender:.
You could set
SENDER_HEADERS = ('from',)
in mm_cfg.py to test only the From: for list membership.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list