[Mailman-Developers] Spam vulnerability due to open public mboxes
Barry Warsaw
barry at python.org
Wed Feb 25 16:24:01 EST 2004
On Tue, 2004-02-24 at 12:26, Bastiaan Welmers wrote:
> I found a spam vulnerability in mailman public archives.
> However, while mail addresses in public archives are (if you choose to) spam
> protected, because @ will be replaced by " at " or " op " in both the txt
> and the html files, in the raw mbox file the email addresses are still unprotected.
> I found this bug by chance: after I subscribed a brand-new mail address to a
> public-archive list, shortly after that I received spam. A Google search for this brand-new
> mail address brought me to the mbox file, where it just stays unprotected.
Look at the new-in-MM2.1.4 PUBLIC_MBOX variable. This is now set to No
by default so as to disable access to the mbox file. I actually think
it's rare that people need access to this thing, especially because it
can get pretty huge.
-Barry
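
An added example, not part of the original thread and not Mailman's own code: an audit that parses a raw mbox with Python's `mailbox` module, reports which messages still carry unobfuscated addresses, and confirms that the " at " substitution described above removes them. The regex, function names and sample messages are assumptions constructed for illustration.

```python
import mailbox
import os
import re
import tempfile

# Simplified address pattern for auditing (assumption; not a full RFC 5322 parser).
ADDR = re.compile(r"([A-Za-z0-9._%+-]+)@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

# Constructed sample archive; example.org is a reserved documentation domain.
# The second message is clean in headers and body but leaks via its envelope line.
SAMPLE_MBOX = (
    "From alice@example.org Tue Feb 24 12:26:00 2004\n"
    "From: Alice <alice@example.org>\n"
    "Subject: hello\n"
    "\n"
    "Reach me at alice@example.org.\n"
    "\n"
    "From bob@example.org Tue Feb 24 13:00:00 2004\n"
    "From: bob at example.org (Bob)\n"
    "Subject: re: hello\n"
    "\n"
    "No address in this body.\n"
)

def obfuscate(text, sep=" at "):
    """Rewrite user@host as 'user at host', the substitution the post describes."""
    return ADDR.sub(lambda m: m.group(1) + sep + m.group(2), text)

def exposed_addresses(mbox_path):
    """Map message index -> sorted raw addresses in envelope line, headers and body."""
    report = {}
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for i, msg in enumerate(box):
            text = msg.get_from() + "\n" + msg.as_string()
            hits = sorted({"@".join(m) for m in ADDR.findall(text)})
            if hits:
                report[i] = hits
    finally:
        box.close()
    return report

def demo():
    """Audit the sample mbox before and after obfuscating the whole file."""
    with tempfile.TemporaryDirectory() as d:
        raw, safe = os.path.join(d, "raw.mbox"), os.path.join(d, "safe.mbox")
        for path, body in ((raw, SAMPLE_MBOX), (safe, obfuscate(SAMPLE_MBOX))):
            with open(path, "w") as f:
                f.write(body)
        return exposed_addresses(raw), exposed_addresses(safe)
```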