Dan Mahoney wrote: > >I just had a small problem. A virus was just sent to all the list members >which had spoofed the moderator's email address. No "requires approval" >message was sent, despite the fact that everyone (even the moderator) has >the "mod" bit set to "on". > >http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] > >Are there any known and open bugs in 2.1.5 that would allow this behavior?
I don't think so. If as you say, all member's "mod" bit is on, and no one is in accept_these_nonmembers, and generic_nonmember_action is other than "Accept", then the only way I know for a message to get through without explicit moderator action is for the message to contain an Approved: header (or first line of body) with the list password. I'd guess that any message generated by a windows e-mail worm would not have this. Thus, I don't know how it got through. >Is there any way of telling in the headers (or archives, or logs?) how a >message was approved? If it was actually approved, there should be an entry in Mailman's vette log. If it just "went through", I don't think there is any way to know why at this point. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
