LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Spam e-mail sent to announce-only list

Pete Weiss <[log in to unmask]>

Tue, 20 May 2003 15:28:48 -0400

text/plain (65 lines)

At 15:07 05/20/2003 Tuesday, Wes Anderson wrote:

 >We have since changed the Send parm to Send=Editor,Hold,Confirm.

Good thinking!

 >Note also that the list is re-generated through a bulk-load process.
 >Subscribers cannot subscribe or change their settings, so it seems that the
 >Validate parm is not as critical as would be the case if subscribers were
 >allowed to manage their accounts.

[They are unable to manage NOPOST as an everyday subscriber.]


 >The current configuration looks like this:
 >
 >Subscription= By_owner
 >Ack= Yes
 >Confidential= Yes
 >Validate= No
 >Reply-to= [log in to unmask]
 >Review= Owners
 >Editor= xxxxxx @pharmacists.ca
 >Send= Editor,Hold,Confirm
 >Errors-To= Owner
 >Owner= xxxxxx @pharmacists.ca
 >Default-Options= NOPOST
 >Notebook= Yes,e:\sites\listserv-cpha.inf.ca,Monthly,Owner
 >Change-Log= Yes
 >
 >Also, we are trying to determine who the spammer is and how they managed to
 >send this e-mail.  Does anyone have any experience in this area?  The
 >manager of our Listserv says there was a virus that generated the e-mail but
 >it's still not clear how a virus could find the admin account to post to
 >this list.  Any ideas?

It did NOT need to affect/infect the admin account -- just some poor
person somewhere on the Internet who's system spoofed your admin
account  xxxxxx @pharmacists.ca

I have several more recommendations:

ADD a keyword

MODERATORS= ALL,[log in to unmask],[log in to unmask]

Update your EDITOR= to add the secondary moderator

Make sure that that [log in to unmask] and
[log in to unmask] are subscribed and that the following
commands have been issued:

SET listname REV FOR [log in to unmask] PW=????
SET listname REV FOR [log in to unmask] PW=????

You might consider updating your templates so that the auto-acks to
NOPOST responses are suppressed.  This is very nice so that you are not
bothered by bounces of spoofed (and non-existent) posters who's mail is
rejected by the list and then bounces back to the ERRORS-TO address.

We use this precise config on a particular daily announce-only list and
are NOT bothered by spoofed email being distributed to valued customers.

/Pete

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM