On Sat, 5 Feb 2005, Jeff Groves wrote:
I think the two Received: headers could be enough considering the worm probably has it's own SMTP engine. The way to answer this for sure is to see if it is in the 'post' log.
Jan 27 22:55:10 2005 (39139) post to vgc-announce from [EMAIL PROTECTED], size=39384, message-id=<[EMAIL PROTECTED]>, success
I agree with Mark and would go even further that it is all you need to know. The pcp08579508pcs.alxndr01.va.comcast.net address, which is indicative of a Comcast end-user in Alexandria, Virginia, is plenty to know that the user that had the address at the particular time (Thu, 27 Jan 2005 21:15:35 -0500 (EST)) was infected with some type of worm.
Jeff, I had already worked out that much. And it might have trolled the list posting address from an address book or a previous email...but...
1) (This is the question I've been wanting the answer to the whole time)...Why did it not require approval? When Eric Graves (the same guy, same email address, the list owner and moderator), goes to make a post, it gets held back with a "requires approval". Up until recently, we took this as a sign that security was as it should be. Even if someone spoofed the email address, we'd have a chance to catch it.
2) Why isn't it in the vette log?
3) If the worm spoofed all the x-mailman headers and everything, and magically managed to insert itself into the pipermail archives, why are the logs missing?
--
"Happy, Sad, Happy, Sad, Happy, Sad, Happy, Intruiged! I've never been so in touch with my emotions!"
-AndrAIa as Hexadecimal, Reboot Episode 3.2.3
--------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org