[Mailman-Users] sender/envelope addresses esp with mailed commands

Barry A. Warsaw bwarsaw at cnri.reston.va.us
Sun Jul 18 21:42:43 CEST 1999 

>>>>> "NM" == Nigel Metheringham <Nigel.Metheringham at vdata.co.uk> writes:

    NM> I am using Mailman 1.0rc3 (same result with 1.0rc2).  I have
    NM> the default zero setting for USE_ENVELOPE_SENDER.  The MUA I
    NM> am using on the test account is Netscape running on Linux
    NM> connecting through an ISP by POP/SMTP.  Netscape appears to
    NM> add a "Sender: nigel" header - ie my unqualified user name,
    NM> which is not qualified by any of the MTAs on the way
    NM> (basically none of the MTAs will have sufficient information
    NM> to qualify it so they shouldn't be playing with it).

    NM> Fixing up the sender header is not really an option - it
    NM> impacts to many other peoples systems.

    NM> I tried just stripping the sender header (assuming that would
    NM> cause a drop back to From: headers as is implied in the FAQ
    NM> etc), and managed to completely break list posting :-(

I don't understand this part.  Where did you strip the Sender: header?
Look at IncomingMessages.GetSender() in Mailman/Message.py.  It
definitely falls back to using From: if Sender: doesn't exist.

    NM> So I guess that Mailman, to be safe, should check the sender
    NM> address more carefully - specifically if it is not qualified
    NM> then it should discard it and use the From: or envelope (maybe
    NM> Return-Path:) address in its place.

Mailman /could/ have some cascading algorithm for authenticating an
email address (i.e. authenticate Sender -> From -> Reply-to ->
Envelope Sender).  That's a big change to the current situation, so
I'm not going to do this for the 1.0 release.  Mailman currently only
authenticates the first address it finds and if that fails then the
message gets held.

However, if your ISP is inserting an unqualified Sender: address into
outgoing mail it is broken.  You say fixing this is not really an
option, though I don't understand why that is (it what way does it
impact many other people's systems?).  If that's really the case I
don't know what you can really do.

-Barry

More information about the Mailman-Users mailing list