--On 19 October 2006 10:35:37 +0900 [EMAIL PROTECTED] wrote:
> Giuliano Gavazzi writes:
>
> > I have then noticed that the confirm address (listname-confirm
> > [EMAIL PROTECTED]) and the request address ([EMAIL PROTECTED]) act as
> > mirrors to the alleged envelope sender, sending back the whole email
> > after the parsed commands.
>
> This kind of thing has been mentioned, I think, in respect of bounce
> messages.
>
> I think the real solution has to be to send only generated text when
> that will do. In case of a problem the original message should be
> stored (and queued for deletion after the usual period for expiration
> of a confirmation), and a reply generated containing an error message,
> and the URL of the original message for diagnostic purposes.
>

Of course, this is a kind of open relay. If you can get email through to the listname-request address, then you can get Mailman to send email to any address that you like. I hope that's not true of listname-confirm…

Oh, but it is. If it sees an unrecognised request, it will respond in the belief that it's an expired request.

I have no real information on how often those addresses are really used, but I suspect that most list interaction is through the web these days. Is it possible to turn off listname-request for the site? And, perhaps, to use a much longer expiry time (months rather than days), and ignore or moderate unrecognised requests. Better would be some opportunity to reject them early, so the MTA has a chance of rejecting the incoming email.

--
Ian Eiloart
IT Services, University of Sussex
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
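
The two mitigations discussed in the message above (rejecting unrecognised -request/-confirm mail early so the MTA can refuse it, and replying with generated text only while the original is stored), as an added example that is not part of the original message and is not Mailman's code. The address layout, token store, list name and held-message URL are assumptions constructed for illustration.

```python
import re
import secrets

# Constructed sample state: pending confirmation tokens -> expiry (epoch seconds).
PENDING = {"3f2a9c": 2_000_000_000}
KNOWN_LISTS = {"mylist"}
HELD_URL = "https://lists.example.invalid/held/"  # placeholder URL, assumed

# Assumed address layout: <list>-request@... and <list>-confirm+<token>@...
# Only these two command addresses are handled here.
RCPT_RE = re.compile(
    r"^(?P<list>[\w.-]+)-(?P<kind>confirm|request)(?:\+(?P<token>[0-9a-f]+))?@",
    re.IGNORECASE,
)

def rcpt_decision(rcpt, now, request_enabled=False):
    """Decide at RCPT time, so the MTA refuses the mail during the SMTP
    session and no reply is ever sent to the alleged envelope sender."""
    m = RCPT_RE.match(rcpt)
    if not m or m.group("list").lower() not in KNOWN_LISTS:
        return 550, "no such address"
    if m.group("kind").lower() == "request":
        if request_enabled:
            return 250, "ok"
        return 550, "email commands disabled, use the web interface"
    token = (m.group("token") or "").lower()
    expiry = PENDING.get(token)
    if expiry is None or expiry < now:
        # Unknown and expired tokens are treated alike: refuse, do not reply.
        return 550, "unknown or expired confirmation"
    return 250, "ok"

def generated_reply(original, error, held):
    """Build the reply from generated text only. The original message is
    stored under a random reference instead of being echoed back."""
    ref = secrets.token_hex(8)
    held[ref] = original
    body = f"Your message could not be processed: {error}\nDetails: {HELD_URL}{ref}\n"
    return body, ref
```
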