[Mailman-Users] Replies from non-members getting posted to list set to allow posts by subscribers only

Mark Sapiro mark at msapiro.net
Mon Jun 21 18:25:49 CEST 2010


Anthony R. Thompson wrote:
>
>I went into the inbox of that account, chiraelx at gmail.com, which is not 
>a subscriber, and *replied* to one of the posts it had received when it 
>*was* on the list.
>
>I expected to get a rejection notice back since chiraelx at gmail.com isn't 
>a subscriber but... the post went through.
>
>I got it at the athompsx at adf.org address, I looked at the headers and it 
>was sent From chiraelx at gmail.com with adf-www in the To and Reply-To 
>fields, with adf-www-bounces in the sender field.  Further, I confirmed 
>it by checking the mbox file for the list.


The archives/private/LIST.mbox/LIST.mbox file will show the original
Sender: header if any, but the original Reply-To: was munged by your
first_strip_reply_to and reply_goes_to_list settings before the
message was archived.

Did you send the reply from gmail web mail or from a mail client? If
from a client, check what it puts in Reply-To: or in any case, send
another test with a Bcc: to your direct address and see what you get
there.


[...]
>So what I'm left with is a non-subscriber, which used to be a 
>subscriber, apparently able to post to a list I'm pretty sure is 
>configured to only allow posts from subscribers.


If you haven't changed SENDER_HEADERS in mm_cfg.py, the relevant
headers for testing list membership for posts are From: Reply-To:
Sender: and the envelope sender. The original From: and Sender:
headers will be in the message in the
archives/private/LIST.mbox/LIST.mbox file and the envelope sender will
be in the initial "From " separator line in the .mbox, but you can't
see the initial Reply-To: because you mung it.

You could just generate a reply as you did in your two tests, but then
change the To: address from the list to you to see what Reply-To:
header you get.


[...]
>first_strip_reply_to = 1
>reply_goes_to_list = 1

Reply-To munging


[...]
>accept_these_nonmembers = []

Good.


[...]
>generic_nonmember_action = 2

Reject. Good.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
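
An added example (not part of the original post, and not Mailman's own code) of the check described in the reply above: it collects the From:, Reply-To:, Sender: and envelope-sender addresses from a message and reports which of them match the member roster. The addresses, roster and both sample messages are constructed, and it assumes that any one matching address is enough for the post to be treated as a member's.

```python
from email import message_from_string
from email.utils import getaddresses

# Headers named in the reply above; None is used here to stand for the
# envelope sender (the "From " separator line of an mbox entry).
SENDER_HEADERS = ("from", None, "reply-to", "sender")

# Constructed archive copy: Reply-To: has already been rewritten to the list.
ARCHIVED = (
    "From former@example.net Mon Jun 21 10:00:00 2010\n"
    "From: Former Member <former@example.net>\n"
    "Reply-To: list@example.org\n"
    "To: list@example.org\n"
    "Subject: Re: test\n\nbody\n"
)
# Constructed direct copy of the same reply (no list processing), which
# still carries the Reply-To: the mail client originally set.
DIRECT = (
    "From: Former Member <former@example.net>\n"
    "Reply-To: member@example.org\n"
    "To: tester@example.org\n"
    "Subject: Re: test\n\nbody\n"
)
MEMBERS = {"member@example.org"}  # constructed roster


def candidate_senders(raw):
    """Return [(source, address)] for each address the membership test sees."""
    msg = message_from_string(raw)
    unixfrom = msg.get_unixfrom()  # "From addr date" line, or None if absent
    found = []
    for header in SENDER_HEADERS:
        if header is None:
            if unixfrom and len(unixfrom.split()) > 1:
                found.append(("envelope", unixfrom.split()[1].lower()))
            continue
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if addr:
                found.append((header, addr.lower()))
    return found


def matching_members(raw, members):
    """Return the (source, address) pairs that belong to the roster."""
    roster = {m.lower() for m in members}
    return [(src, a) for src, a in candidate_senders(raw) if a in roster]


if __name__ == "__main__":
    print("archived:", matching_members(ARCHIVED, MEMBERS))
    print("direct:  ", matching_members(DIRECT, MEMBERS))
```

Run against the archive copy it finds no member address, while the direct copy exposes the Reply-To: match, which is why the test message has to be captured before the list rewrites that header.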