On Mon, 2009-01-26 at 14:34 -0700, Steve Lindemann wrote: > Lindsay Haisley wrote: > > Is it possible that the list mod or admin password got out? I believe > > than anyone can post to a moderated list by putting an "Approved: > > <password>" header or pseudo-header in a post. > > I'm on one of the lists that accepted the message (which is how it came > to my attention) and I just rechecked the message header and didn't see > anything resembling that... would mailman remove it from the header for > final delivery to the list members?
Yes, absolutely. Not only in the text/plain part but in every part of a multipart message in which it occurs. Otherwise it would be the equivalent of serving up your list security on a silver platter to the world and passing out carving knives :( > Regardless, I'll see to getting > passwords changed, thanks. Good idea. Check your full headers on these posts. Mark's note is probably relevant here. -- Lindsay Haisley | "The difference between | PGP public key FMP Computer Services | a duck is because one | available at 512-259-1190 | leg is both the same" | http://pubkeys.fmp.com http://www.fmp.com | - Anonymous | ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
