[Mailman-Users] Blocking messages from kijiji (SENDER_HEADERS solution interferes with logging?)

Thu Oct 27 17:27:50 CEST 2011

On Thu, Oct 27, 2011 at 11:22 AM, francis picabia <fpicabia at gmail.com> wrote:
> On Thu, Oct 27, 2011 at 10:07 AM, francis picabia <fpicabia at gmail.com> wrote:
>> On Thu, Oct 27, 2011 at 9:54 AM, francis picabia <fpicabia at gmail.com> wrote:
>>> On Thu, Oct 27, 2011 at 9:37 AM, francis picabia <fpicabia at gmail.com> wrote:
>>>> Hello,
>>>>
>>>> We run a mailing list for staff which should not
>>>> receive email from outside of the list membership.
>>>>
>>>> The only non-member address allowed to post is
>>>> another mailing list.
>>>>
>>>> Today we received a post from post at kijiji.ca
>>>> and it made it through to the list.
>>>>
>>>> I see this in the post log file:
>>>>
>>>> Oct 26 18:21:41 2011 (2999) post to fyi from post at kijiji.ca,
>>>> size=5293, message-id=<1190302152.2079281319664066415.JavaMail.root at kj-classy012>,
>>>> success
>>>>
>>>> We've tested this with a second small membership and restricted
>>>> mailing list for our IT staff, and again a post from kijiji gets through.
>>>>
>>>> If we email from a gmail account or something, it is blocked as expected.
>>>>
>>>> In kijiji interface, they allow you to set up the sender, and this is
>>>> likely passing the test for the sender, but it is only
>>>> the sender in the envelope, which isn't reported in mailman
>>>> (nor Postfix in what I saw).
>>>>
>>>> We've been running the same mailman 2.1.9 from Redhat for
>>>> a few years and there has never been a problem like this before.
>>>>
>>>> I think we would prefer if both the sender From: and the envelope
>>>> sender had to match, or had to both be allowed to post.
>>>>
>>>> Adding the post at kijiji.ca address to the rejected senders did not block them,
>>>> which isn't surprising as it is looking at the other subscribed sender.
>>>>
>>>> Anyone else have experiences with that or suggested approaches?
>>>>
>>>
>>> I looked at older postings in this mailing list and it appears this is
>>> a solution:
>>>
>>> Quoting Mark Sapiro:
>>>
>>>> If this is your Mailman installation, you could try putting
>>>>
>>>> SENDER_HEADERS = (None,)
>>>>
>>>> in mm_cfg.py. This would say that the post is considered to be from a
>>>> member only if the envelope sender is a member."
>>>
>>> I'll try this.
>>>
>>
>> On second thought what we needed is similar, but probably:
>>
>> SENDER_HEADERS = ('from')
>>
>> Would there be problems "from" this?
>>
>> For internal emails we already use canonical_maps in
>> postfix to standardize the from address into something
>> predictable.
>>
>
> This works, but of course it has caught someone using another
> unconventional list
> with a problem of the sort: "but it always worked this way before".
>
> I check out the /var/log/maillog area for signs the user
> is caught by this change, but oddly, nothing is
> appearing in the logs.  It appears than restricting
> the SENDER_HEADERS this way causes no logging
> on the mailman end.  Is there a way to fix this?
>

I've now removed the SENDER_HEADERS configuration.  It was interfering
with too much delivery to our lists which should have gone through,
and without logging in mailman, I don't know why.