On Thu, Oct 27, 2011 at 9:37 AM, francis picabia <[email protected]> wrote: > Hello, > > We run a mailing list for staff which should not > receive email from outside of the list membership. > > The only non-member address allowed to post is > another mailing list. > > Today we received a post from [email protected] > and it made it through to the list. > > I see this in the post log file: > > Oct 26 18:21:41 2011 (2999) post to fyi from [email protected], > size=5293, > message-id=<1190302152.2079281319664066415.JavaMail.root@kj-classy012>, > success > > We've tested this with a second small membership and restricted > mailing list for our IT staff, and again a post from kijiji gets through. > > If we email from a gmail account or something, it is blocked as expected. > > In kijiji interface, they allow you to set up the sender, and this is > likely passing the test for the sender, but it is only > the sender in the envelope, which isn't reported in mailman > (nor Postfix in what I saw). > > We've been running the same mailman 2.1.9 from Redhat for > a few years and there has never been a problem like this before. > > I think we would prefer if both the sender From: and the envelope > sender had to match, or had to both be allowed to post. > > Adding the [email protected] address to the rejected senders did not block them, > which isn't surprising as it is looking at the other subscribed sender. > > Anyone else have experiences with that or suggested approaches? >
I looked at older postings in this mailing list and it appears this is a solution: Quoting Mark Sapiro: > If this is your Mailman installation, you could try putting > > SENDER_HEADERS = (None,) > > in mm_cfg.py. This would say that the post is considered to be from a > member only if the envelope sender is a member." I'll try this. ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
