[Mailman-Users] non-subscriber managed to post to asubscriber onlylist
Barry Finkel
b19141 at anl.gov
Tue Jan 27 14:19:05 CET 2009
On Mon, 2009-01-26 at 16:03 -0600, Barry Finkel wrote:
>> We had a case last week when someone sent mail with a spoofed
>>
>> "From: ...."
>>
>> line that contained the e-mail address of the list owner.
I also wrote:
>> In our case, the list owner temporarily moderated his e-mail address.
And Lindsay Haisley <fmouse-mailman at fmp.com> replied:
>Unless the list owner is also a subscriber with his/her mod flag turned
>off, the fact that something is posted from an owner or moderator
>address carries no weight with Mailman. I have to deal with this all
>the time with distribution-only lists which have everyone's moderator
>flag turned off, and the customer gets a new mail admin staffer who
>doesn't understand how to use the list, and even though they're listed
>as list owner they can't post until they subscribe and unset their mod
>flag (or use an Approved: pseudo-header).
The list owner is subscribed and is an active participant in the list.
If the list owner had not been subscribed, he could not have
temporarily moderated his e-mail address.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
More information about the Mailman-Users
mailing list