[Mailman-Users] non-subscriber managed to post to a subscriber only list
Mark Sapiro
mark at msapiro.net
Mon Jan 26 23:16:02 CET 2009
Grant Taylor wrote:
>On 01/26/09 15:26, Mark Sapiro wrote:
>> All the headers of the spam post. In a default installation, if any
>> of From:, Reply-To: or Sender: headers or the envelope sender as
>> reflected in the Unix From or Return-Path: header contains a member
>> address, the post will be deemed from that member.
>
>Can this behavior be disabled? IMHO trusting the purported From: /
>Reply-To: / Sender: / From / Return-Path: headers is a fairly (being
>nice) "less than wise" thing to do.
You can change/limit which headers are used. See SENDER_HEADERS in
Defaults.py, but as has been pointed out, in most cases, you want to
look at something to determine if a post is from a list member.

If you're suggesting there should be further authentication of the
purported sender, that would be a more difficult implementation and
possibly more burdensome than you would want for legitimate posters.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
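
As an added illustration (not part of the original message, and not Mailman's own code), the sketch below models the membership test described above and reports which configured source carried a member address, so a list admin can see why a post was accepted. The tuple form of SENDER_HEADERS with None standing for the envelope sender, the `member_matches` helper, the roster and the sample message are assumptions constructed for the example.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed form of SENDER_HEADERS, mirroring the headers named in the message;
# None stands for the envelope sender (Unix From / Return-Path:).
ALL_SOURCES = ('from', None, 'reply-to', 'sender')
MEMBERS = {'alice@example.org'}  # constructed member roster

# Constructed sample: From: and the envelope sender are a non-member,
# but Reply-To: carries a member address.
SAMPLE = """\
From: Promo <promo@bulk.example.net>
Reply-To: alice@example.org
To: list@example.org
Subject: constructed sample

body
"""
SAMPLE_ENVELOPE = 'bounce-123@bulk.example.net'


def member_matches(msg, envelope_sender, sender_headers, members):
    """Return [(source, address)] for every configured source that
    carries a member address; an empty list means 'not from a member'."""
    hits = []
    for name in sender_headers:
        if name is None:
            source = 'envelope'
            values = [envelope_sender] if envelope_sender else []
        else:
            source = name
            values = msg.get_all(name, [])
        for _realname, addr in getaddresses(values):
            if addr.lower() in members:
                hits.append((source, addr.lower()))
    return hits


def report(raw=SAMPLE, envelope=SAMPLE_ENVELOPE):
    """Evaluate the same message under three SENDER_HEADERS settings."""
    msg = message_from_string(raw)
    return {
        'all': member_matches(msg, envelope, ALL_SOURCES, MEMBERS),
        'from_only': member_matches(msg, envelope, ('from',), MEMBERS),
        'envelope_only': member_matches(msg, envelope, (None,), MEMBERS),
    }


if __name__ == '__main__':
    for setting, hits in report().items():
        print(setting, hits or 'no member match (post would be held)')
```

Narrowing the tuple changes which sources are consulted, but each match is still a comparison against a header value, not authentication of the sender.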