[Mailman-Users] ban member from joining not working
Mark Sapiro
msapiro at value.net
Mon Nov 28 17:19:25 CET 2005
Rae wrote:
>
>Thanks for the response. I did have a specific email address in the
>ban list and that specific email address was able to subscribe even
>though the list's subscription is set to confirm. Any ideas as to
>what else I should look for or do to prevent this from happening again?
Actually, when I said the ban list only bans specific email addresses
from subscribing, I was forgetting that the ban list can also contain
regexps, but that isn't the issue here.
The ban list will prevent subscribing a banned address directly, but I
think there is a way around it. Namely, if addr1 is banned, a person
who can receive confirmations sent to another address can subscribe
that address and then change the subscription address to addr1. I
haven't verified this, but I think it's true. If so, I think it's a
bug.
In your case, you can check Mailman's 'subscribe' log to see if the
banned address actually subscribed, or possibly identify a different
address that subscribed and was possibly later changed to the banned
address. Unfortunately for this investigation, address changes aren't
logged or reported.
subscribe_policy = confirm only means the user has to confirm. It has
nothing to do with banning per se.
As far as prevention is concerned, be sure that admin_notify_mchanges
is Yes so you will be notified of subscribes and unsubscribes (but not
address changes), and consider setting subscribe_policy to 'Require
approval' or 'Confirm and approve'.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list