On 09/25/2017 03:49 AM, Ralf Hildebrandt wrote: > Recent phishing mails are targeting mailing-lists -- and do pass. > > From our logs: > Sep 25 12:10:41 2017 (1940) post to rundmail-it from > sabishi.meis...@charite.de, size=4760, > message-id=<486320030245.201792592...@charite.de>, success > > But the headers of the mail that was automatically passed (since > sabishi.meis...@charite.de is a member) was: > > From: "Sabishi.Meister@" <charite.de eve...@tryphotels.ae>
A post is considered to be from a list member if any of the headers in the Defaults.py/mm_cfg.py SENDER_HEADERS setting contains a member address. The default setting is SENDER_HEADERS = ('from', None, 'reply-to', 'sender') (None means the envelope sender). Assuming you have the default setting, the sabishi.meis...@charite.de address was either the envelope sender or in Reply-To: or Sender:. You could set SENDER_HEADERS = ('from',) in mm_cfg.py to test only the From: for list membership. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org