On Mon, 2009-01-26 at 15:44 -0600, Grant Taylor wrote:
> On 01/26/09 15:26, Mark Sapiro wrote:
> > All the headers of the spam post. In a default installation, if any 
> > of From:, Reply-To: or Sender: headers or the envelope sender as 
> > reflected in the Unix From or Return-Path: header contains a member 
> > address, the post will be deemed from that member.
> 
> Can this behavior be disabled?  IMHO trusting the purported From: / 
> Reply-To: / Sender: / From / Return-Path: headers is a fairly (being 
> nice) "less than wise" thing to do.

This kind of defeats the purpose, by definition, of a non-moderated,
subscribers-only list.  This would be the equivalent of setting
everyone's mod flag on, at which point it becomes a moderated list.
Either you allow subscribers to post, or you don't, and given the
manifest security flaws in the standards described in the email RFCs,
there's really no way around this.

-- 
Lindsay Haisley       | "Everything works    |     PGP public key
FMP Computer Services |       if you let it" |      available at
512-259-1190          |    (The Roadie)      | http://pubkeys.fmp.com
http://www.fmp.com    |                      |



------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Reply via email to