> Ian, I think that alternative is going to be Mailman 3 :).

So, when is this going to be fixed in Mailman 3?

We have the end of 2022, and this bug from 2008 is still unfixed. I was able to 
generate backscatter to arbitrary addresses (Envelope-FROM) by sending 
(Envelope-RCPT) to an eMail address whose localpart is a nōn-existent list and 
whose domain is a server running Mailman 3 (stock from Debian).

Thanks to this, the list server was just blacklisted by its provider, which is 
a very unfortunate situation.

So, what can be done about this? Why can Mailman not just generate a list of 
valid addresses, which Postfix can then use? Ideally even via PostgreSQL to 
avoid the need for reloads (AIUI).

Thanks in advance,
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
Mailman FAQ: https://wiki.list.org/x/AgA3

Security Policy: https://wiki.list.org/x/QIA9

Reply via email to