I did a bit more digging ... it seems that mail coming in from the GMane system is not being parsed correctly by Mailman.
As a somewhat knee-jerk reaction, I turned on the moderation flag for all subscribers to stop the unauthorized posting. A few minutes ago I got a moderation notification that indicated that a message was being posted from '[EMAIL PROTECTED]'. > As list administrator, your authorization is requested for the > following mailing list posting: > > List: [EMAIL PROTECTED] > From: [EMAIL PROTECTED] > Subject: Re: Making Triggers Resilient > Reason: Post to moderated list The message, however, had not been submitted BY [EMAIL PROTECTED], it was submitted from a normal subscriber. Here's the headers from the message (somewhat scrubbed to protect privacy)... > To: [EMAIL PROTECTED] > From: "Buck Calabro" <[EMAIL PROTECTED]> > Subject: Re: Making Triggers Resilient > Date: Wed, 2 Mar 2005 14:43:43 -0500 > Lines: 16 > Message-ID: <[EMAIL PROTECTED]> > X-Complaints-To: [EMAIL PROTECTED] > X-Gmane-NNTP-Posting-Host: 209-23-60-152.tvc-ip.com > X-MSMail-Priority: Normal > X-Newsreader: Microsoft Outlook Express 5.50.4922.1500 > X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4925.2800 > Sender: news <[EMAIL PROTECTED]> > X-Gmane-MailScanner: Found to be clean > X-Gmane-MailScanner: Found to be clean > X-MailScanner-From: [EMAIL PROTECTED] > X-MailScanner-To: [EMAIL PROTECTED] The only place that [EMAIL PROTECTED] shows up is in the 'X-MailScanner-From:' header. It appears that Mailman is picking up the 'From:' information from the wrong header. Is this a problem with Gmane or Mailman? david Mark Sapiro wrote: > David Gibbs wrote: > >>I have a serious problem here that I can't seem to figure out. I've >>been running Mailman for a very long time and have never seen this >>behavior before. >> >>A person is posting messages via GMane, but they are not subscribed to >>the list. However, their messages are being allowed to post! >> >>I have my list configured with ... >> >>generic_nonmember_action = hold >>accept_these_nonmembers = <empty> >>default_member_moderation = yes >>member_moderation_action = hold >> >>As you can see from this post log entry, the posting was accepted ... >> >>Mar 02 09:26:10 2005 (28195) post to rpg400-l from [EMAIL PROTECTED], >>size=2570, message-id=<[EMAIL PROTECTED]>, success >> >>But '[EMAIL PROTECTED]' is not subscribed to any of my lists. > > > The address in the post log entry ([EMAIL PROTECTED] in this case) is > not necessarily the address which was validated for the list. There > are various possibilities, but for example, the address in the post > log entry could be the From: header address while the address that was > accepted as a member could be the envelope sender (or unixfrom) > address. > > You may be able to get the incoming envelope sender from your MTA logs. > > Also, if the list password has been compromised, the post could have > contained an Approved: header/line. > > Both the original envelope sender and any Approved: header/line are > gone from the post as received from the list making it difficult to > diagnose this. > > Still, looking at the post as received from the list might reveal a > Sender: or Resent-From: or other header that might have a member's > address. > > -- > Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
