[Mailman-Users] USE_ENVELOPE_SENDER

Mark Sapiro mark at msapiro.net
Mon Feb 9 00:49:58 CET 2009


Barry Warsaw wrote:

>Does anybody set USE_ENVELOPE_SENDER to Yes these days?


There are potential issues with this with umbrella lists. Perhaps
Mailman 3 will handle these differently, but here is the issue.

There are two message methods, get_sender() and get_senders().
USE_ENVELOPE_SENDER only affects get_sender(). With
USE_ENVELOPE_SENDER false, get_sender() returns the first address
found in From:, Sender: and unixfrom (envelope sender). With
USE_ENVELOPE_SENDER true, the order is Sender:, From: and unixfrom, so
it doesn't even really do what it claims.

get_senders() returns a list of addresses found in those headers
defined in SENDER_HEADERS. The default searches From:, unixfrom,
Reply-To: and Sender: in that order and returns all addresses found.

The Moderate handler first checks the get_senders() list to see if any
address is a list member. The first hit determines whether the post is
from a moderated member. If there are no hits, Moderate goes on to
search *_these_nonmembers for the one address returned by get_sender().

The potential issue is if you want posts to the umbrella list to be
accepted by the child lists without being held, one technique is to
put the umbrella's listname-bounces address in accept_these_nonmembers
of the children, and this requires USE_ENVELOPE_SENDER to be true in
order to work.

There are other ways to accomplish this that don't require
USE_ENVELOPE_SENDER. E.g. subscribing the umbrella's listname-bounces
address to the child lists with delivery (and password reminders)
disabled; using appropriate @listname entries in
accept_these_nonmembers, or making the umbrella anonymous and putting
the umbrella's posting address in the children's
accept_these_nonmembers.

Some of this is in the FAQ at <http://wiki.list.org/x/boA9>.


>I'm considering removing the equivalent of this from Mailman 3.0 and  
>I'd like to know if that would be a hardship for anyone.  If you don't  
>know what this value is (which in Mailman 2 lives in Defaults.py),  
>then you probably won't miss its demise in Mailman 3.
>
>This flag controls whether the Sender: header is considered before the  
>From: header for purposes of trying to determine the email address of  
>the message's author.  At one time in the distant past, this flag was  
>added because it was observed that some MTAs put the RFC 2821 MAIL  
>FROM value into this header, and this was considered less spoofable  
>than the From: header.  I think these assumptions are outdated and  
>this workaround is either unnecessary or hurts more than it helps.


I agree that the use of USE_ENVELOPE_SENDER as an anti-spoof is
outdated, particularly because it doesn't even come into play for the
member/nonmember decision.


>BTW, the default value is No, which tells Mailman to use the From:  
>header first.  I propose hardwiring that default value.
>
>Let me know if this would cause you pain.


I think it will impact some users with umbrella lists depending on how
(or if) umbrella lists are handled in Mailman 3.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
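
An added sketch of the lookup order described in this message (not Mailman's own code and not part of the original post). The function names mirror those named above; the message, the addresses, the simplified return values of `moderate()`, and the assumption that the umbrella's post arrives with its listname-bounces address in Sender: and unixfrom are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Default get_senders() search order as described in the post.
# None stands for the unixfrom (envelope sender) line.
SENDER_HEADERS = ("from", None, "reply-to", "sender")

def _addrs(msg, header):
    """Lower-cased addresses from one header, or from unixfrom if header is None."""
    if header is None:
        parts = (msg.get_unixfrom() or "").split()
        return [parts[1].lower()] if len(parts) > 1 else []
    return [a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a]

def get_sender(msg, use_envelope_sender=False):
    # The flag only swaps the priority of Sender: and From:.
    order = ("sender", "from", None) if use_envelope_sender else ("from", "sender", None)
    for header in order:
        found = _addrs(msg, header)
        if found:
            return found[0]
    return ""

def get_senders(msg):
    return [a for h in SENDER_HEADERS for a in _addrs(msg, h)]

def moderate(msg, members, accept_these_nonmembers, use_envelope_sender=False):
    # Member check runs over every get_senders() address; first hit decides.
    for addr in get_senders(msg):
        if addr in members:
            return "member:" + addr
    # Nonmember check uses only the single get_sender() address.
    if get_sender(msg, use_envelope_sender) in accept_these_nonmembers:
        return "accept"
    return "hold"  # simplified stand-in for the list's nonmember action

# Constructed message as a child list might receive it from the umbrella list.
UMBRELLA_POST = """\
From umbrella-bounces@lists.example.org Mon Feb  9 00:00:00 2009
From: Alice <alice@example.com>
Sender: umbrella-bounces@lists.example.org
Subject: test

body
"""
MSG = message_from_string(UMBRELLA_POST)
CHILD_MEMBERS = {"bob@example.net"}
ACCEPT = {"umbrella-bounces@lists.example.org"}
```

With these inputs, `moderate(MSG, CHILD_MEMBERS, ACCEPT)` holds the post unless `use_envelope_sender=True` is passed, while adding the bounces address to the member set matches at the member check regardless of the flag.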


