[PLUG] Reloadme

Aj Lavin aj at haightmail.org
Tue Jul 30 21:03:04 UTC 2002


On Tue, Jul 30, 2002 at 01:38:53AM -0700, AthlonRob wrote:
> On Mon, 2002-07-29 at 20:06, Aj Lavin wrote:
> 
> > What makes this most recent piece of spam interesting is the fact that
> > the author,
> > 
> > eldragon <eldragon at theposse.org>,
> > 
> > is not subscribed to the list.
> 
> I'm no email header guru... so the info might still be there... but the
> actual email address of the sender is in the original (non-messed up by
> the list) headers.  Not as FROM, but is reply to or something similar. 
> The List software probably caught that (from a subscribed individual)
> and allows the posting.
> 
> Klez forges the FROM header.

What Klez does with mail headers is beside the point. Mailman uses the
From: field to identify the sender, and it preserves the From: field
when it posts the message to the list.

So the From: field in the spam must have been set to the eldragon
address when Mailman received it. The question is, since eldragon is
not subscribed, how did the message get posted to the list?

Probably the message was flagged for moderation, and a list
administrator approved it by mistake.

- Aj
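
Added example, not part of the original message and not Mailman's own code: a simplified Python model of the gating described above, assuming membership is checked against the From: header only and that a held post goes out unchanged once a moderator approves it. The addresses, SUBSCRIBERS and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed subscriber list and sample messages (placeholder addresses).
SUBSCRIBERS = {"alice@example.org", "bob@example.org"}

SPAM_FROM_NONMEMBER = """\
From: eldragon <eldragon@example.net>
Reply-To: alice@example.org
To: list@example.org
Subject: constructed sample

body
"""

FORGED_FROM_MEMBER = """\
From: Alice <alice@example.org>
To: list@example.org
Subject: constructed sample

body
"""


def sender_of(raw):
    """Return the lowercased address taken from the From: header only."""
    msg = message_from_string(raw)
    _name, addr = parseaddr(msg.get("From", ""))
    return addr.lower()


def gate(raw, subscribers=SUBSCRIBERS, moderator_approves=False):
    """Return 'accept' for a member, else 'hold' or 'approved'."""
    if sender_of(raw) in subscribers:
        return "accept"
    # Non-member posts wait for a moderator; Reply-To is never consulted.
    return "approved" if moderator_approves else "hold"


def delivered_from(raw):
    """The From: header the list re-sends, preserved as received."""
    return message_from_string(raw)["From"]
```

A subscriber address in Reply-To does not get the first message past the gate; only a moderator approval does, and the non-member From: then appears on the list unchanged. The second message shows why the membership check is not authentication: the From: header is whatever the sending software wrote.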



