[Mailman-Users] Replies from non-members getting posted to list set to allow posts by subscribers only

Anthony R. Thompson athomps at adf.org
Tue Jun 22 09:48:07 CEST 2010 

Actually, another test post I sent to a list with a similar 
configuration just got *posted*, based solely on the Reply-To header 
(list configuration appended below).

When I posted from artx at sigilservices.com to this other list, which is 
not subscribed to the list, it got properly rejected (with the 
nonmember_rejection_notice text).

HOWEVER, when I changed the Reply-To (in the Thunderbird account 
settings) to athomps at adf.org, which /is/ subscribed to the list, it got 
*posted* to the list.

Is there something I'm missing here - is this normal behavior?

It doesn't seem to me like someone should be able to post a message to a 
private list just by changing the Reply-To field to an address they know 
is on the private list.

thanks,
Anthony

config_list -o - adf-mg | egrep -v '#' | egrep -v '^ *$'

real_name = 'ADF-MG'
owner = ['adfx at adf.org', 'drumx at yahoo.com', 'athomps at adf.org']
moderator = []
description = 'ADF-MG Mailing List'
info = ''
subject_prefix = '[adf-mg] '
anonymous_list = False
first_strip_reply_to = 1
reply_goes_to_list = 1
reply_to_address = ''
umbrella_list = False
umbrella_member_suffix = '-owner'
send_reminders = 0
welcome_msg = 'Please note: All ADF electronic forums are moderated; the 
moderation policy is located at 
http://www.adf.org/forums/lists/moderation.html and you can always reach 
a human being at adf-listmasterx at adf.org'
send_welcome_msg = 0
goodbye_msg = 'If there are any reasons you chose to leave the list that 
you would like to share, please feel free to email us at 
adf-listmasterx at adf.org or adf-members-advocatex at adf.org'
send_goodbye_msg = 0
admin_immed_notify = True
admin_notify_mchanges = 1
respond_to_post_requests = 1
emergency = 0
new_member_options = 0
administrivia = True
max_message_size = 0
admin_member_chunksize = 50
host_name = 'lists.adf.org'
include_rfc2369_headers = 1
include_list_post_header = 1
max_days_to_hold = 0
preferred_language = 'en'
available_languages = ['en']
encode_ascii_prefixes = 0
nondigestable = True
msg_header = ''
msg_footer = """___________________________________________________________

Unsub: http://www.adf.org/forums/unsubscribe.html?%(list_name)s
List archives: http://lists.adf.org/archives/%(list_name)s/
Moderation policy: http://www.adf.org/forums/moderation.html
Questions?  Mail a human being at ADF-Listmasterx at ADF.ORG"""
scrub_nondigest = False
regular_exclude_lists = []
regular_include_lists = []
digestable = True
digest_is_default = False
mime_is_default_digest = False
digest_size_threshhold = 50
digest_send_periodic = True
digest_header = ''
digest_footer = 
"""___________________________________________________________
Unsub: http://www.adf.org/forums/unsubscribe.html?%(list_name)s
List archives: http://lists.adf.org/archives/%(list_name)s/
Moderation policy: http://www.adf.org/forums/moderation.html
Questions?  Mail a human being at ADF-Listmasterx at ADF.ORG"""
digest_volume_frequency = 3
advertised = 0
subscribe_policy = 2
unsubscribe_policy = 0
ban_list = []
private_roster = 1
obscure_addresses = 0
default_member_moderation = 0
member_moderation_action = 0
member_moderation_notice = 'If you have any questions about this notice, 
please contact adf-listmasterx at adf.org'
accept_these_nonmembers = []
hold_these_nonmembers = []
reject_these_nonmembers = []
discard_these_nonmembers = []
generic_nonmember_action = 2
forward_auto_discards = 0
nonmember_rejection_notice = """You attempted to post to an ADF mailing 
list you do not appear to be subscribed to."""
require_explicit_destination = 1
acceptable_aliases = ''
max_num_recipients = 8
header_filter_rules = []
bounce_matching_headers = ''
bounce_processing = True
bounce_score_threshold = 5.0
bounce_info_stale_after = 7
bounce_you_are_disabled_warnings = 3
bounce_you_are_disabled_warnings_interval = 7
bounce_unrecognized_goes_to_list_owner = True
bounce_notify_owner_on_disable = True
bounce_notify_owner_on_removal = True
archive = True
archive_private = 1
archive_volume_frequency = 3
nntp_host = ''
linked_newsgroup = ''
gateway_to_news = 0
gateway_to_mail = 0
news_moderation = 0
news_prefix_subject_too = 1
autorespond_postings = 0
autoresponse_postings_text = ''
autorespond_admin = 0
autoresponse_admin_text = ''
autorespond_requests = 0
autoresponse_request_text = ''
autoresponse_graceperiod = 90
filter_content = 1
filter_mime_types = ''
pass_mime_types = ''
filter_filename_extensions = """exe
bat
cmd
com
pif
scr
vbs
cpl"""
pass_filename_extensions = ''
collapse_alternatives = True
convert_html_to_plaintext = True
filter_action = 1
topics_enabled = 0
topics_bodylines_limit = 5
topics = []

list_members adf-mg
robbx at illious.com
athenax at gmail.com
athomps at adf.org
savagex at syzygytraining.com
kirkx at mac.com
drlindax at aol.com
lipx at chainolakescamp.com
dragonx at hotmail.com
drumx at lycos.com
seamusx at gmail.com
lenex at zoomtown.com
kipx at dragonskeep.us

More information about the Mailman-Users mailing list