[Mailman-Users] determine the sender's email address?
Mark Sapiro
msapiro at value.net
Fri Jun 9 01:32:16 CEST 2006
Jennifer Oxelson wrote:
>
>How does Mailman recognize/determine the sender's email address? E.g.,
>FROM, REPLY-TO, RECEIVED, etc?
Quoting from Defaults.py
# Membership tests for posting purposes are usually performed by
looking at a
# set of headers, passing the test if any of their values match a
member of
# the list. Headers are checked in the order given in this variable.
The
# value None means use the From_ (envelope sender) header. Field names
are
# case insensitive.
SENDER_HEADERS = ('from', None, 'reply-to', 'sender')
The above is used to determine whether or not the post was sent by a
list member. If it is determined that none of the SENDER_HEADERS
addresses is a list member, then the sender for additional tests
(*_these_nonmembers) depends on USE_ENVELOPE_SENDER. If
USE_ENVELOPE_SENDER is No, it is the first address found in From: if
any, else Sender:. If USE_ENVELOPE_SENDER is Yes, it is the Sender: if
any, else first From:.
>Also, has anyone ever encountered any issues with spoofing when
>configuring the sender filters of a list to accept/reject addresses via
>a specified domain? E.g., Mailman FAQ Entry #3.33: How do I accept or
>reject all addresses from a particular domain?
>(http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.033.htp)
Probably. It is easy enough to spoof the From: or other addresses. If I
know you accept any address @example.com, I can spoof that. As I note
above, the address which is matched against accept_these_nonmembers is
jenerally either From: or Sender: depending on the mm_cfg.py setting
of USE_ENVELOPE_SENDER.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list