I'm not sure what IP you think would be in the email header
that isn't already publicly available via a DNS query of
your email domain, or why you think even that IP would be in
the header of an intercepted mail.
Also, when you say "If smart enough to intercept that
message", are you aware of an attack tht would enable this,
or are you just concerned that it could happen.
Finally, password reminders will go away in Mailman 2.2.
We'll try to keep your concern in mind as we work on their