[Mailman-Users] non-subscriber managed to post to a subscriber only list (SOLVED)
Steve Lindemann
steve at marmot.org
Mon Jan 26 23:44:35 CET 2009
Lindsay Haisley wrote:
> On Mon, 2009-01-26 at 15:26 -0700, Steve Lindemann wrote:
>> Thanks! Got it! They spoofed a legitimate list member on the
>> Return-Path:, which also showed up on the first ("From ") message header
>> line.
>
> Both of these reflect the envelope sender address used in the SMTP
> dialog with the mail server.
>
>> I don't suppose there's anything we can do about this other than change
>> that particular user's email address... is there?
>
> You can restrict the set of headers used to identify subscribers using
> the SENDER_HEADERS variable in mm_cfg.py, as Mark indicated. By default
> (in Defaults.py) this is:
>
> SENDER_HEADERS = ('from', None, 'reply-to', 'sender')
>
> You can eliminate the envelope sender address from the mix by setting
> this simply to:
>
> SENDER_HEADERS = ('from', 'reply-to')
>
> or drop 'reply-to' if you want to be even more restrictive.
>
Thanks... I like that solution much more better 8^)
...too many messages going by too quickly. I skimmed Mark's message but
since he was answering Grant's question I didn't read it as closely as I
should have.... I'm going back now to read thru the thread more slowly.
Thanks to all!
--
Steve Lindemann __
Network Administrator //\\ ASCII Ribbon Campaign
Marmot Library Network, Inc. \\// against HTML/RTF email,
http://www.marmot.org //\\ vCards & M$ attachments
+1.970.242.3331 x116
More information about the Mailman-Users
mailing list