[Mailman-Users] Mailman blocks messages based on reply-to address

[Mark Sapiro]

Rene Hamburger wrote:
>
>I am forwarding emails to a mailing list after I have included the original
>sender's email as the reply-to address. It works fine as long as the
>reply-to address is not on the actual email list. But when it is, mailman
>recognises it as being moderated and blocks the email. Is that a feature or
>a bug? :)


This is a feature. By default, the address(es) in the From: header, the
envelope from, the Reply-To: header and the Sender: header are
examined in that order and if any of them are a list member, the post
is considered to be from the first member found for moderation
purposes.

The question is, the From: should be your address, so is that address a
list member? If not, why not? If so, and you are not moderated, the
Reply-To: address should not be considered unless you have overridden
the definition of SENDER_HEADERS in mm_cfg.py.

If you put this

SENDER_HEADERS = ('from', None, 'sender')

in mm_cfg.py, i.e. drop reply-to from the default

SENDER_HEADERS = ('from', None, 'reply-to', 'sender')

then Mailman won't consider the Reply-To: when determining a moderated
member post.

But, As I say, I don't understand why your own From: is not controlling
unless you aren't a list member and are in accept_these_nonmembers
instead. If that is the case, why? It provides no security or spoof
resistance over your being a member, and if you're really concerned
about spoofing, everyone should be moderated and you should post with
an Approved: password header.

And even with no other changes, posting with an Approved: password
header will prevent the post being held regardless of the Reply-To:.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan