On 07/18/2018 06:28 PM, Matt Morgan wrote:
> On one of my lists I'm seeing some spam from non-subscribers getting
> through. It appears that the trick is to put a subscriber's address in the
> "real name" of the sender. E.g., this got through, without being held for
> moderation, on a list with generic_nonmember_action = discard (emails of
> the innocent obfuscated):
>
> *From:* "x...@johnxxx.com <j...@johngreenwaltlee.com>" <enrollm...@ekonek.com>

I'm not sure what the actual incoming From: looked like. I'm sure the
asterisks in *From:* are some MUA's bolding artifact, but that
notwithstanding, if the header was

    From: "x...@johnxxx.com <j...@johngreenwaltlee.com>" <enrollm...@ekonek.com>

Mailman will parse that as

    real name: 'x...@johnxxx.com <j...@johngreenwaltlee.com>'
    address: 'enrollm...@ekonek.com'

and the only address checked for list membership will be
enrollm...@ekonek.com

In any case, if you haven't changed the setting of SENDER_HEADERS in
mm_cfg.py, Mailman will consider a post to be from a list member if any
of the From: header, the envelope sender, the Reply-To: header or the
Sender: header contains the member address as an address, not as a real
name. It is trivial to spoof a member address in one of those places.

As far as what happened in this case, I can't say without seeing the
original message as received by Mailman before various headers were
munged and the post sent to the list.

If you want to diagnose this, you can temporarily add a local file to
the alias for the list posting address to capture the incoming mail, at
least if mailman's delivery is via aliases. I.e., if you currently have
an alias like

    listname: "|/path/to/mail/mailman post virt"

add a file as in

    listname: "|/path/to/mail/mailman post listname", /path/to/file

Then the MTA will save the message to 'file' as well as delivering it to
mailman.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
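
Added example, not part of the message above and not Mailman's own code: a standard-library sketch of the parsing and membership check the reply describes, plus a check that flags addresses hidden in the From: real name. The function names, the SENDER_HEADERS tuple and all addresses are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Headers consulted for membership, modelled on the reply's description
# (assumed spelling). The envelope sender is not a header, so it is passed in.
SENDER_HEADERS = ("from", "reply-to", "sender")
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def candidate_senders(msg, envelope_sender=None):
    """Lowercased addresses a membership check would look at."""
    found = [envelope_sender.lower()] if envelope_sender else []
    for name in SENDER_HEADERS:
        # getaddresses() yields (real name, address); only the address counts.
        for _real, addr in getaddresses(msg.get_all(name, [])):
            if addr:
                found.append(addr.lower())
    return found

def is_member_post(msg, members, envelope_sender=None):
    """True if any candidate sender address is a list member."""
    return any(a in members for a in candidate_senders(msg, envelope_sender))

def display_name_decoys(msg):
    """Addresses in the From: real name that differ from the real address."""
    real, addr = parseaddr(msg.get("from", ""))
    return sorted({a.lower() for a in ADDR_IN_NAME.findall(real)} - {addr.lower()})

# Constructed sample data; every address here is made up.
MEMBERS = {"alice@example.org"}
DECOY = message_from_string(
    'From: "alice@example.org <alice@example.org>" <promo@bulk.example.net>\n'
    "Subject: test\n\nbody\n")
SPOOFED = message_from_string(
    "From: Promo <promo@bulk.example.net>\n"
    "Reply-To: alice@example.org\n"
    "Subject: test\n\nbody\n")

if __name__ == "__main__":
    for label, m in (("decoy", DECOY), ("spoofed", SPOOFED)):
        print(label, candidate_senders(m), is_member_post(m, MEMBERS),
              display_name_decoys(m))
```

Run against a message captured with the alias change described above, the first two functions show which header satisfied the membership check, and the third flags the display-name decoy, which only misleads human readers and moderators.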