A low-tech fix I've used is to set "max_num_recipients" to a really low number, like 2 or 3. Anything more than that, and the post gets held for approval. Virtually every time I've seen a spam post that spoofs a member's email address, it's had more than a couple of recipients.
rac

> ---------- Forwarded message ----------
> From: Steve Lindemann <st...@marmot.org>
> To: mailman-users@python.org
> Date: Mon, 26 Jan 2009 15:26:53 -0700
> Subject: Re: [Mailman-Users] non-subscriber managed to post to a subscriberonly list
>
> Mark Sapiro wrote:
>>
>> Right. That's why you have to look at the raw archive mbox file (not
>> the html archive or the periodic .txt or .txt.gz file). That's the
>> only place that will have the original envelope sender in the "From "
>> separator and the original Sender:.
>
> Thanks! Got it! They spoofed a legitimate list member on the Return-Path:,
> which also showed up on the first ("From ") message header line. The From:,
> Reply-To: reflected the purported spammer and there was no Sender: in the raw
> mbox file. The good news is that there was no Approved: or Approve: but
> we're changing passwords anyway.
>
> I don't suppose there's anything we can do about this other than change that
> particular user's email address... is there?
> --
> Steve Lindemann                         __
> Network Administrator                  //\\  ASCII Ribbon Campaign
> Marmot Library Network, Inc.           \\//  against HTML/RTF email,
> http://www.marmot.org                  //\\  vCards & M$ attachments
> +1.970.242.3331 x116

------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9
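An added example (not part of the original messages and not Mailman code) that audits a raw archive mbox for the three signs discussed in this thread: an envelope sender in the "From " separator that differs from From:, a recipient count at the `max_num_recipients` threshold, and an Approved:/Approve: header. The function names, finding labels and sample messages are constructed for illustration, and counting To: plus Cc: with an "at or above" comparison is an assumption about how the threshold is applied.

```python
import mailbox
import os
import tempfile
from email.utils import getaddresses, parseaddr

# Constructed sample archive (not from the thread): a spoofed post, then a normal one.
SAMPLE_MBOX = """\
From member@example.org Mon Jan 26 15:00:00 2009
From: Cheap Deals <promo@spam.example>
To: list@example.org, a@example.net, b@example.net, c@example.net
Subject: great offer

buy now

From member@example.org Mon Jan 26 16:00:00 2009
From: Real Member <member@example.org>
To: list@example.org
Subject: meeting notes
"""

def audit_message(msg, max_num_recipients=3):
    """Return the set of findings for one message of a raw archive mbox."""
    findings = set()
    envelope = msg.get_from().split()[0].lower()  # sender in the "From " separator
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    if header_from != envelope:  # member on the envelope, someone else in From:
        findings.add("from-mismatch")
    recips = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    # Assumption: count To: plus Cc: addresses, flag at or above the threshold.
    if len(recips) >= max_num_recipients:
        findings.add("too-many-recipients")
    if "Approved" in msg or "Approve" in msg:  # header that would carry a list password
        findings.add("approved-header")
    return findings

def audit_mbox_text(text, max_num_recipients=3):
    """Write text to a temporary mbox file and audit each message in order."""
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as fh:
        fh.write(text)
    try:
        box = mailbox.mbox(fh.name, create=False)
        results = [(m["Subject"], audit_message(m, max_num_recipients)) for m in box]
        box.close()
        return results
    finally:
        os.unlink(fh.name)

print(audit_mbox_text(SAMPLE_MBOX))
```

To audit a real archive, open the list's raw mbox file with `mailbox.mbox(path)` and pass each message to `audit_message`.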