Jon,
I may implement that for a temporary solution, but it does not take away
the full problem because anybody could be subscribed to the mailing list
(which isn't very high traffic anyhow) and see the IP addresses in the
message headers. Ideally I'd like to be able to protect my users from
Hiya,
I run a discussion list using Mailman 2.1 for a small open-source project.
Recently, there was a security vulnerability discussed on my list and
shortly after it was brought to light, several users of my list were
attacked by a cracker through this security issue. I believe that the
There are couple of things you can do.
- Edit the source of the arching program so that it drops the header
info from messages before archiving them (I did this last year for a
list and it's worked great).
- Run a script that edits the Mbox file for the list directly and then
re-archive after