A low-tech fix I've used is to set "max_num_recipients" to a really
low number, like 2 or 3. Anything more than that, and the post gets
held for approval. Virtually every time I've seen a spam post that
spoofs a member's email address, it's had more than a couple of
recipients.

rac

> ---------- Forwarded message ----------
> From: Steve Lindemann <st...@marmot.org>
> To: mailman-users@python.org
> Date: Mon, 26 Jan 2009 15:26:53 -0700
> Subject: Re: [Mailman-Users] non-subscriber managed to post to a 
> subscriberonly list
> Mark Sapiro wrote:
>>
>> Right. That's why you have to look at the raw archive mbox file (not
>> the html archive or the periodic .txt or .txt.gz file). That's the
>> only place that will have the original envelope sender in the "From "
>> separator and the original Sender:.
>
> Thanks! Got it!  They spoofed a legitimate list member on the Return-Path:, 
> which also showed up on the first ("From ") message header line.  The From:, 
> Reply-To: reflected the purported spammer and there was no Sender: in the raw 
> mbox file.  The good news is that there was no Approved: or Approve: but 
> we're changing passwords anyway.
>
> I don't suppose there's anything we can do about this other than change that 
> particular user's email address... is there?
> --
> Steve Lindemann                         __
> Network Administrator                  //\\  ASCII Ribbon Campaign
> Marmot Library Network, Inc.           \\//  against HTML/RTF email,
> http://www.marmot.org                  //\\  vCards & M$ attachments
> +1.970.242.3331 x116
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Reply via email to