#652 3.0 - form impersonation

open
Justin J
mailing (71)
9
2010-01-04
2009-12-24
Michel Degive
No

We run version 3.0 pro. Today 2 of our mailing list go spammed by somebody impersonating somebody else, look at the from below:
From: shay@eembc.org <verbalizingha2@rotim.com>
shay@eembc.org is allowed to mail to the list but the real email address is <verbalizingha2@rotim.com> which is not on the list.

This should have not gone through.

Discussion

  • Michel Degive
    Michel Degive
    2009-12-24

    email archives

     
    Attachments
  • Michel Degive
    Michel Degive
    2010-01-04

    Justin,

    Any chance you will fixing this soon?

     
  • Michel Degive
    Michel Degive
    2010-01-04

    • priority: 5 --> 9
     
  • Justin J
    Justin J
    2010-01-04

    • summary: from impersonation --> 3.0 - form impersonation
     
  • Justin J
    Justin J
    2010-01-04

    I don't really give ETA's for bug fixes or version releases, so I don't have a time this will be fixed. I've just come out of the holiday season and have moved across the Atlantic, so you may need to give me a breather.

    The new tracker is here, and I'll add this problem:

    http://github.com/justingit/dada-mail/issues

     
  • Justin J
    Justin J
    2010-01-06

    Here's a (potential) fix for your problem - this is the dada_bridge.pl script, based on what's shipped in 4.0.1, but with an extra test to look for multiple From: addresses. If one is found, the message is rejected. I don't have any real-world tests on this, but it could help with your situation.

    http://github.com/justingit/dada-mail/commit/0e4ba7ad5790fe855a761b435e702298a5acc805

    The sourceforge bug reporting system is going to be closing really soon for Dada Mail, so to follow any more stuff about Dada Mail, head on over to the github thingy:

    http://github.com/justingit/dada-mail/issues