[Mailman-Users] non-subscribers getting through--email address in "Real Name"

Mark Sapiro mark at msapiro.net
Thu Jul 19 13:25:01 EDT 2018


On 07/19/2018 05:16 AM, Robert Heller wrote:
> At Wed, 18 Jul 2018 19:33:20 -0700 Mark Sapiro <mark at msapiro.net> wrote:
> 
>>
>> On 07/18/2018 07:10 PM, Robert Heller wrote:
>>>
>>> Mailman only checks the From: header...
>>
>>
>> Not true. See my other reply in this thread.
> 
> I mean it does not check things like the Received: headers *by default*. If
> the email part of the From: header is a list member address, Mailman will
> consider that the mail is from that member and pass the message on to the
> list, *even if the From: header is spoofed*. I expect that this is what is
> happening with the OP. It is a common spammer hack: somehow get a list of
> member addresses (or really hack a member's E-Mail account or PC and go from
> there).
> 
> Yes, Mailman can be configured to check other headers, but this requires
> some configuration settings.


My point is that standard, default Mailman checks not only the From:
header for list member addresses, it also checks the envelope sender and
the Reply-To: and Sender: headers.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
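
Added example (not part of the original post and not Mailman's own code): a diagnostic sketch that reports which of the four sender sources named in the reply above carries a list member address, so an admin can see why a post was treated as coming from a member. The function names, the source order and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# The four sender sources named in the reply above. None stands for the
# envelope sender (the SMTP MAIL FROM address, which is not a header).
# The order here is an assumption of this example.
SENDER_SOURCES = ("from", None, "reply-to", "sender")


def candidate_senders(msg, envelope_sender):
    """Return (source, address) pairs for every address in the sender sources."""
    found = []
    for source in SENDER_SOURCES:
        if source is None:
            values, label = [envelope_sender or ""], "envelope"
        else:
            values, label = msg.get_all(source, []), source
        # getaddresses() splits "Real Name <addr>" into (name, addr); only
        # the addr part is compared, never the display name.
        for _name, addr in getaddresses(values):
            if addr:
                found.append((label, addr.lower()))
    return found


def membership_matches(raw_message, envelope_sender, members):
    """List the sources holding a member address; an empty list means non-member."""
    msg = message_from_string(raw_message)
    members = {m.lower() for m in members}
    return [(src, addr)
            for src, addr in candidate_senders(msg, envelope_sender)
            if addr in members]


# Constructed sample data: From: is not a member, Sender: is.
MEMBERS = {"alice@example.org", "bob@example.org"}
SAMPLE = (
    "From: Carol <carol@example.net>\n"
    "Sender: bob@example.org\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for src, addr in membership_matches(SAMPLE, "bounce@example.net", MEMBERS):
        print(f"member match via {src}: {addr}")
```

Running this over a held or accepted message shows which field produced the member match, which is the first thing to check when a post from an apparent non-subscriber reaches the list.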

