Re: [Mailman-Users] my mailman has been hacked !!
Ok I have a set of problems here.. First, posting to the list using Approved: header as the first line of the message body did not work becasue I'm sending formatted messages using Microsoft outlook with tables n stuff .. Second, I tried the following: keep an email address as non moderated to be able to post to the list and in General options, I turned the option : Hide the sender of a message, replacing it with the list address = YES this way hackers n spammers won't know which address is allowed to post but now the subscribers are recieving From: listn...@mydomain.com and not from: 'My web site's Name' which is annoying.. Third, I can't afford to turn everyone's moderation bit on even my own address and then approve the messages using the web interface for 2 reasons: 1- I have 7 lists which is a real pain to log into each one of them and approve the messages.. 2- I'm afraid to approve one of the tens of spam and members messages by mistake .. what's the advice?? Thanks .. Date: Wed, 27 May 2009 16:39:28 -0700 From: m...@msapiro.net To: jeff...@goldmark.org; khillo...@hotmail.com CC: mailman-users@python.org Subject: Re: [Mailman-Users] my mailman has been hacked !! Jeffrey Goldberg wrote: On May 27, 2009, at 1:23 PM, Khalil Abbas wrote: all members are moderated, except my own email address (m...@email.com) which I use to post to the list .. someone sent from my address the 'From' name is not me, Please clarify. Did the From line contain your email address (m...@email.com ) or not? You seem to be saying two different things. If, as I suspect, someone is merely forging your address to post to the list, there are two things that you can do (I would recommend that you do (1) as an immediate and temporary measure, until you can get (2) in place). (1) Moderate even your own postings, so that your list moderator password is required to post, even if from your own address. (2) Improve the spam/virus filtering on your mailserver. A forged message from an open relay containing a virus should have been stopped by your mail system long before it reached mailman. Two comments in addition to the above good advice. 1) Almost anyone can spoof your address in the From: of an email. This does not require an open relay server or anything fancy. Almost any MUA can do it. 2) That is why for announce lists we recommend moderating everyone and if you want to avoid moderation when posting, use an Approved: header to bypass moderation. See the FAQs at http://wiki.list.org/x/3YA9 and http://wiki.list.org/x/XIA9. -- Mark Sapiro m...@msapiro.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan _ Windows Live™: Keep your life in sync. Check it out! http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t1_allup_explore_012009 -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Users] my mailman has been hacked !!
Khalil Abbas wrote: First, posting to the list using Approved: header as the first line of the message body did not work becasue I'm sending formatted messages using Microsoft outlook with tables n stuff .. If you post a multipart/alternative message with a text/plain and a text/html part, the first line Approved: header should work although its removal from the HTML part isn't 100% guaranteed. Also, I can';t tell you how to do it in MS Outlook, but many MUAs have a mechanism for adding true headers to the mail. Try http://www.google.com/#q=add+custom+header+outlook Second, I tried the following: keep an email address as non moderated to be able to post to the list and in General options, I turned the option : Hide the sender of a message, replacing it with the list address = YES this way hackers n spammers won't know which address is allowed to post but now the subscribers are recieving From: listn...@mydomain.com and not from: 'My web site's Name' which is annoying.. And it won't stop the spammers anyway. The spammers may have just been lucky in spoofing your address, and even if you assume the got your list address and posting address from spyware on one of your member's computers, they have it. Third, I can't afford to turn everyone's moderation bit on even my own address and then approve the messages using the web interface for 2 reasons: 1- I have 7 lists which is a real pain to log into each one of them and approve the messages.. 2- I'm afraid to approve one of the tens of spam and members messages by mistake .. what's the advice?? We gave you the advice. Post with an Approved: header or an Approved: first line in a multipart/alternative message. You can do it. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Users] my mailman has been hacked !!
In addition to the earlier suggestions: 1. Turn on content filtering -- the default settings should remove most if not all dangerous attachments. 2. Under general settings, set the maximum message size as small as possible. This not only blocks a lot of viruses but on a discussion list it prevents people from quoting an entire digest when replaying. But for broadcast lists, the suggestion about moderating everybody should do the trick. I just keep emergency moderation (also on general options page) on at all times for those lists. rac -- Forwarded message -- From: Rob MacGregor rob.macgre...@gmail.com To: mailman-users@python.org Date: Wed, 27 May 2009 19:41:15 +0100 Subject: Re: [Mailman-Users] my mailman has been hacked !! On Wed, May 27, 2009 at 19:23, Khalil Abbas khillo...@hotmail.com wrote: HELP!! one of my lists has been hacked.. all members are moderated, except my own email address (m...@email.com) which I use to post to the list .. someone sent from my address to the list and all my subscribers has recieved a damn virus as an attachment!! but the 'From' name is not me, which means that the sender didn't use my email to send but used a kind of open-relayed server or something .. please help what should I do ??? Look at the headers and work out what really happened. Forging email addresses is trivial. It is the work of a few seconds to send an email with somebody else's email address. You can mitigate somewhat by using SPF and DKIM, but it does require that everybody checks your SPF and DKIM records - not everybody does. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Users] my mailman has been hacked !!
HELP!! one of my lists has been hacked.. all members are moderated, except my own email address (m...@email.com) which I use to post to the list .. someone sent from my address to the list and all my subscribers has recieved a damn virus as an attachment!! but the 'From' name is not me, which means that the sender didn't use my email to send but used a kind of open-relayed server or something .. please help what should I do ??? _ Windows Live™: Keep your life in sync. Check it out! http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t1_allup_explore_012009 -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Users] my mailman has been hacked !!
On May 27, 2009, at 1:23 PM, Khalil Abbas wrote: all members are moderated, except my own email address (m...@email.com) which I use to post to the list .. someone sent from my address the 'From' name is not me, Please clarify. Did the From line contain your email address (m...@email.com ) or not? You seem to be saying two different things. If, as I suspect, someone is merely forging your address to post to the list, there are two things that you can do (I would recommend that you do (1) as an immediate and temporary measure, until you can get (2) in place). (1) Moderate even your own postings, so that your list moderator password is required to post, even if from your own address. (2) Improve the spam/virus filtering on your mailserver. A forged message from an open relay containing a virus should have been stopped by your mail system long before it reached mailman. Cheers, -j -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Users] my mailman has been hacked !!
Jeffrey Goldberg wrote: On May 27, 2009, at 1:23 PM, Khalil Abbas wrote: all members are moderated, except my own email address (m...@email.com) which I use to post to the list .. someone sent from my address the 'From' name is not me, Please clarify. Did the From line contain your email address (m...@email.com ) or not? You seem to be saying two different things. If, as I suspect, someone is merely forging your address to post to the list, there are two things that you can do (I would recommend that you do (1) as an immediate and temporary measure, until you can get (2) in place). (1) Moderate even your own postings, so that your list moderator password is required to post, even if from your own address. (2) Improve the spam/virus filtering on your mailserver. A forged message from an open relay containing a virus should have been stopped by your mail system long before it reached mailman. Two comments in addition to the above good advice. 1) Almost anyone can spoof your address in the From: of an email. This does not require an open relay server or anything fancy. Almost any MUA can do it. 2) That is why for announce lists we recommend moderating everyone and if you want to avoid moderation when posting, use an Approved: header to bypass moderation. See the FAQs at http://wiki.list.org/x/3YA9 and http://wiki.list.org/x/XIA9. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Users] my mailman has been hacked !!
On Wed, May 27, 2009 at 19:23, Khalil Abbas khillo...@hotmail.com wrote: HELP!! one of my lists has been hacked.. all members are moderated, except my own email address (m...@email.com) which I use to post to the list .. someone sent from my address to the list and all my subscribers has recieved a damn virus as an attachment!! but the 'From' name is not me, which means that the sender didn't use my email to send but used a kind of open-relayed server or something .. please help what should I do ??? Look at the headers and work out what really happened. Forging email addresses is trivial. It is the work of a few seconds to send an email with somebody else's email address. You can mitigate somewhat by using SPF and DKIM, but it does require that everybody checks your SPF and DKIM records - not everybody does. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
