Ok I have a set of problems here..
First, posting to the list using Approved: header as the first line of the message body did not work becasue I'm sending formatted messages using Microsoft outlook with tables n stuff .. Second, I tried the following: keep an email address as non moderated to be able to post to the list and in General options, I turned the option : Hide the sender of a message, replacing it with the list address = YES this way hackers n spammers won't know which address is allowed to post but now the subscribers are recieving From: [email protected] and not from: 'My web site's Name' which is annoying.. Third, I can't afford to turn everyone's moderation bit on even my own address and then approve the messages using the web interface for 2 reasons: 1- I have 7 lists which is a real pain to log into each one of them and approve the messages.. 2- I'm afraid to approve one of the tens of spam and members messages by mistake .. what's the advice?? Thanks .. > Date: Wed, 27 May 2009 16:39:28 -0700 > From: [email protected] > To: [email protected]; [email protected] > CC: [email protected] > Subject: Re: [Mailman-Users] my mailman has been hacked !! > > Jeffrey Goldberg wrote: > > >On May 27, 2009, at 1:23 PM, Khalil Abbas wrote: > > > >> all members are moderated, except my own email address > >> ([email protected]) which I use to post to the list .. > > > >> someone sent from my address > > > > > >> the 'From' name is not me, > > > >Please clarify. Did the From line contain your email address ([email protected] > >) or not? You seem to be saying two different things. > > > >If, as I suspect, someone is merely forging your address to post to > >the list, there are two things that you can do (I would recommend that > >you do (1) as an immediate and temporary measure, until you can get > >(2) in place). > > > >(1) Moderate even your own postings, so that your list moderator > >password is required to post, even if "from" your own address. > > > >(2) Improve the spam/virus filtering on your mailserver. A forged > >message from an open relay containing a virus should have been stopped > >by your mail system long before it reached mailman. > > > Two comments in addition to the above good advice. > > 1) Almost anyone can spoof your address in the From: of an email. This > does not require an open relay server or anything fancy. Almost any > MUA can do it. > > 2) That is why for announce lists we recommend moderating everyone and > if you want to avoid moderation when posting, use an Approved: header > to bypass moderation. See the FAQs at <http://wiki.list.org/x/3YA9> > and <http://wiki.list.org/x/XIA9>. > > -- > Mark Sapiro <[email protected]> The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > _________________________________________________________________ Windows Liveā¢: Keep your life in sync. Check it out! http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t1_allup_explore_012009 ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
