[Mailman-Users] ban member from joining not working

[Mark Sapiro]

Rae wrote:
>
>Thanks for the response. I did have a specific email address in the 
>ban list and that specific email address was able to subscribe even 
>though the list's subscription is set to confirm. Any ideas as to 
>what else I should look for or do to prevent this from happening again?

Actually, when I said the ban list only bans specific email addresses
from subscribing, I was forgetting that the ban list can also contain
regexps, but that isn't the issue here.

The ban list will prevent subscribing a banned address directly, but I
think there is a way around it. Namely, if addr1 is banned, a person
who can receive confirmations sent to another address can subscribe
that address and then change the subscription address to addr1. I
haven't verified this, but I think it's true. If so, I think it's a
bug.

In your case, you can check Mailman's 'subscribe' log to see if the
banned address actually subscribed, or possibly identify a different
address that subscribed and was possibly later changed to the banned
address. Unfortunately for this investigation, address changes aren't
logged or reported.

subscribe_policy = confirm only means the user has to confirm. It has
nothing to do with banning per se.

As far as prevention is concerned, be sure that admin_notify_mchanges
is Yes so you will be notified of subscribes and unsubscribes (but not
address changes), and consider setting subscribe_policy to 'Require
approval' or 'Confirm and approve'.

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan