As for the list names being mined for spam, I've found that the biggest
worry is the web-enabled archives.
It doesn't seem very likely to me that spammers would find the list addresses in the archives. Obviously, the addresses of posters are there (these can be obscured in 2.1, right?), but I don't see the list addresses anywhere. Our problem with spam going to lists... obviously, we don't want individuals getting spam, either, but our current concern is about lists being spammed.

Mailman's features can help a little against spam.  You can set your
lists so that they only accept mail from either a list member or from a
user on the local domain.
That's an interesting idea... I assume we can set it to accept from list members and some given set of domains? That might be a very appropriate thing to implement. Thanks.

Greg

Good Luck - Jon Carnes

On Sun, 2003-01-26 at 12:26, Greg Westin wrote:
Hello Mailman folk,

I work with a group that provides services to student groups at a
university, and we're concerned that a lot of the lists have been
picking up spam lately. The prime suspect, at this point, is Mailman's
publishing of list names. If you can provide any input on how to
alleviate this problem, please let me know. I'm copying below a
message (slightly modified) from one of the more knowledgeable people I
work with:

---
My real concern with the behavior of the
listinfo and admin scripts is that they publish the list of lists
not only when invoked without arguments, but also if invoked on a
non-existent list name. Because Apache can be configured to reject
outside of ourdomain.edu or wherever requests for
"http://lists.ourdomain.edu/mailman/listinfo",
while still allowing
"http://lists.ourdomain.edu/mailman/listinfo/hcs-discuss",
but what if spammers start generating random list names and sending,
e.g.,
"http://lists.ourdomain.edu/mailman/listinfo/sp4m"? No way to
stop such attacks except for Mailman to change its behavior (which
the patched version on lists.ourdomain currently does).
---

The patched version he's referring to simply denies access to
/mailman/listinfo (but not to /mailman/listinfo/valid-list-name) to
every request not from our domain. It's an ugly hack, but it's
generally fine because students will almost always be working from a
university computer, except perhaps when home on vacation.

Thanks for any help. Please reply off-list if you're getting this via
mailman-developers, as I'm not subscribed to that list. I am on
mailman-users, though.

Greg Westin
--
http://www.gregwestin.com
Contact info: http://www.gregwestin.com/contact.php


------------------------------------------------------
Mailman-Users mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/

This message was sent to: [EMAIL PROTECTED]
Unsubscribe or change your options at
http://mail.python.org/mailman/options/mailman-users/jonc%40nc.rr.com

--
http://www.gregwestin.com
Contact info: http://www.gregwestin.com/contact.php
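
The gap described in the quoted message, as an added example that is not part of the thread and is not Mailman's or the patch's code: a small model of the access decision that compares a web-server rule on the bare overview URL with a check made where the overview is actually rendered. The network range, list names and function names are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the thread).
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24")]
EXISTING_LISTS = {"hcs-discuss"}
OVERVIEW_SCRIPTS = {"listinfo", "admin"}


def is_campus(client_ip):
    """True if the client address falls inside a configured campus range."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in CAMPUS_NETS)


def decide(path, client_ip, patched):
    """Return (status, page) for a /mailman/<script>[/<listname>] request.

    patched=False models a web-server rule that matches only the bare
    overview URL; patched=True models a check applied whenever the
    list-of-lists overview would be rendered.
    """
    parts = [p for p in path.split("/") if p]
    if len(parts) < 2 or parts[0] != "mailman" or parts[1] not in OVERVIEW_SCRIPTS:
        return (404, "not-found")
    listname = parts[2].lower() if len(parts) > 2 else None
    if listname in EXISTING_LISTS:
        return (200, "list-page")  # a valid list page is always reachable
    # From here on the script would fall back to the overview of all lists.
    outside = not is_campus(client_ip)
    if patched:
        return (403, "forbidden") if outside else (200, "overview")
    # URL-only rule: blocks the bare path, misses unknown list names.
    if listname is None and outside:
        return (403, "forbidden")
    return (200, "overview")


def overview_leaks(requests, patched):
    """Paths that hand the overview to an off-campus client."""
    return [p for p, ip in requests
            if not is_campus(ip) and decide(p, ip, patched) == (200, "overview")]


# Constructed requests from an off-campus address.
SAMPLE = [("/mailman/listinfo", "203.0.113.9"),
          ("/mailman/listinfo/sp4m", "203.0.113.9"),
          ("/mailman/listinfo/hcs-discuss", "203.0.113.9")]
```
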
