Comment 4 for bug 266042

The virus is making it through to the lists by using an
"envelope-from" (I believe that is the right term) of a valid,
subscribed list member, but a From: header which is some
address that does not exist and is not a member of the list
(usually admin@ or management@ the mailing list's domain).

See for example the message at http://bklyn.
org/~cae/mailman-stumper.txt

This message appears first in the MTA's logs as:

2004-03-11 16:31:44 1B1T5z-0009zY-00 <=
<email address hidden> H=(srr2) [192.168.100.17] P=smtp
S=17730 <email address hidden> from
<email address hidden> for <email address hidden>

where <email address hidden> is a valid list subscriber with
posting privileges.