[Mailman-Users] Mailman and Postfix Best practices to avoid fakesenders

[Mark Sapiro]

Dimitrios Karapiperis wrote:
>
>I am still investigating ways how to eliminate the danger on malicious 
>postings on a moderated list (announce-only - newsletter) by
>forged sender or From addresses.
>
>Except from the moderation,
>are there any ways on the MTA side (postfix) asssting on this situation?


I don't know about the MTA side, but since this is an announce list, on
the Mailman side just moderate everyone and post using an Approved:
header. See the FAQ at <http://wiki.list.org/x/XIA9>.

The Approved: header contains either the list admin or list moderator
password and can also be the first line of the first text/plain part
of the message, however in the latter case, if the message is
multipart/alternative, removal of the Approved line from the fancy
text part is on a best effort basis and is not absolutely guaranteed,
so the true header is preferred.

Also see the FAQ at <http://wiki.list.org/x/3YA9> for more suggestions
about announcement lists.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan