On Mon, 2009-01-26 at 15:44 -0600, Grant Taylor wrote: > On 01/26/09 15:26, Mark Sapiro wrote: > > All the headers of the spam post. In a default installation, if any > > of From:, Reply-To: or Sender: headers or the envelope sender as > > reflected in the Unix From or Return-Path: header contains a member > > address, the post will be deemed from that member. > > Can this behavior be disabled? IMHO trusting the purported From: / > Reply-To: / Sender: / From / Return-Path: headers is a fairly (being > nice) "less than wise" thing to do.
This kind of defeats the purpose, by definition, of a non-moderated, subscribers-only list. This would be the equivalent of setting everyone's mod flag on, at which point it becomes a moderated list. Either you allow subscribers to post, or you don't, and given the manifest security flaws in the standards described in the email RFCs, there's really no way around this. -- Lindsay Haisley | "Everything works | PGP public key FMP Computer Services | if you let it" | available at 512-259-1190 | (The Roadie) | http://pubkeys.fmp.com http://www.fmp.com | | ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9