[Mailman-Users] Non-members allowed to post!
Mark Sapiro
msapiro at value.net
Fri Mar 4 23:11:40 CET 2005
David Gibbs wrote:
>
>I have a serious problem here that I can't seem to figure out. I've
>been running Mailman for a very long time and have never seen this
>behavior before.
>
>A person is posting messages via GMane, but they are not subscribed to
>the list. However, their messages are being allowed to post!
>
>I have my list configured with ...
>
>generic_nonmember_action = hold
>accept_these_nonmembers = <empty>
>default_member_moderation = yes
>member_moderation_action = hold
>
>As you can see from this post log entry, the posting was accepted ...
>
>Mar 02 09:26:10 2005 (28195) post to rpg400-l from pearlsoft at xxxxxxxxx,
>size=2570, message-id=<d04kvp$kot$1 at sea.gmane.org>, success
>
>But 'pearlsoft at xxxxxxxxx' is not subscribed to any of my lists.
The address in the post log entry (pearlsoft at xxxxxxxxx in this case) is
not necessarily the address which was validated for the list. There
are various possibilities, but for example, the address in the post
log entry could be the From: header address while the address that was
accepted as a member could be the envelope sender (or unixfrom)
address.
You may be able to get the incoming envelope sender from your MTA logs.
Also, if the list password has been compromised, the post could have
contained an Approved: header/line.
Both the original envelope sender and any Approved: header/line are
gone from the post as received from the list making it difficult to
diagnose this.
Still, looking at the post as received from the list might reveal a
Sender: or Resent-From: or other header that might have a member's
address.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list