We run about 20 majordomo lists reaching 16,000 subscribers.
Lately there has been a virus on some users computers, which
automatically sends itself in reply to any mail received.
Hence, it was being sent to the list by infected subscribers.
I changed all lists to moderated with approval required, so the virus
messages were bounced to the moderator (and deleted).
BUT - the virus has taken to sending itself to <list-outgoing>, which
then resends to the whole list and effectively avoids all restrictions
found in the list configuration file.
This seems to be a rather large whole, which could be used by spammers as
well as viruses. By simply adding -outgoing to the name of a list, anyone
can send anything to any list.
What can be done?