[Mailman-Users] Using Accepted <password> in the header

[Mark Sapiro]

Peter Kofod wrote:

>I have an announce-only list with one member who can post.  I have it
>set up so that he is not moderated, all others are moderated.
>Currently, I discard moderated postings as well as non-member postings.
>I want to tighten the setup a bit more so that the list owner (who is
>the only non moderated user) has to send the Accepted <password>
>function in the email header.  This is to prevent spoofing of the sender
>email address.  How do I do this, while keeping the rest of the settings
>the same?  (Discarding moderated member and non member postings).  Not
>sure how to set that in the web interface and/or list_config file.


All you need to do in the web interface is to set the authorized poster
to 'moderated' along with everyone else.

You don't need to do anything special to enable the use of the

Approved: password

header. That is always available. Note that the name of the header is
Approved: or Approve:, not Accepted:, and password is either the
list's admin password or the list's moderator password.

Use of the Approved: header with correct password bypasses all tests
for holding, rejecting, discarding or accepting messages except for
Privacy options...->Spam filters->header_filter_rules and the
mm_cfg.py setting for KNOWN_SPAMMERS.

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan