[Mailman-Users] How to blocking malicious subscription requests?
Jay R. Ashworth
jra at baylink.com
Tue Sep 5 13:22:30 EDT 2017
----- Original Message -----
> From: "Mark Sapiro" <mark at msapiro.net>
> On 09/05/2017 09:45 AM, Grant Taylor via Mailman-Users wrote:
>>
>> Is Mailman aware of user+detail? Or does is it naively view the entire
>> userpart as distinct? Thus allowing as many many subscriptions using
>> detail as possible?
>>
>> I know of at least one very major mail provider (possibly the same one)
>> that removes dots from the user part. So the following addresses are
>> equivalent.
>
>
> Mailman 2.1.x considers all these to be different users. E.g.
>
> joe at example.com
> joe+mm_list at example.com
> joe+other at example.com
> j.oe at example.com
>
> are four distinct users as far as Mailman is concerned.
And, albeit arguably, I think that's the correct behavior. Plushacking is
a hack specifically to make recipient filtering easier and more reliable;
since you cant expect outsiders to assume it, you have to yourself treat it
as separate mailboxes, and assume they will as well. As mailman does.
It is, in short, a way to create additional recipient mailboxes when
the user in question doesn't have administrative permission to do that;
assuming the user's receiving MUA will do the right thing -- but that's
the only computer it requires you to make an assumption about.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
More information about the Mailman-Users
mailing list