On 3/15/2004 11:11, "Chuq Von Rospach" <[EMAIL PROTECTED]> wrote:
> and I don't have a good answer for that, not at all. not sure how to > close that hole offhand. we made it easy to figure out it IS a list, we > show an address that the virus can tell has posting privs -- and we do > no validation that it's actually coming from that address. ugh) I muttered here a couple of years ago about digital signing of messages which come from a non-moderated sender. I know it introduces non-trivial problems. I don't think the viruses manage SMTP AUTH yet (these days, they're intent on using their own SMTP servers and forging senders, so the needed authenticator probably isn't available on the machine they've infected...that could change)...one could certainly [try to] force mail to come that way. Here, incoming mail goes through our virus scan before getting farmed out to the mailing list machine. So far, that seems to have done its job. (We're weak on the spam side for the lists, but basically strong enough so far--almost all the few spam incidents have been moderators making errors.) --John _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
