On Mon, 2009-01-26 at 16:03 -0600, Barry Finkel wrote: > We had a case last week when someone sent mail with a spoofed > > "From: ...." > > line that contained the e-mail address of the list owner.
Unless the list owner is also a subscriber with his/her mod flag turned off, the fact that something is posted from an owner or moderator address carries no weight with Mailman. I have to deal with this all the time with distribution-only lists which have everyone's moderator flag turned off, and the customer gets a new mail admin staffer who doesn't understand how to use the list, and even though they're listed as list owner they can't post until they subscribe and unset their mod flag (or use an Approved: pseudo-header). Extreme paranoia is the ideal starting point for good Internet security. -- Lindsay Haisley | "In an open world, | PGP public key FMP Computer Services | who needs Windows | available at 512-259-1190 | or Gates" | http://pubkeys.fmp.com http://www.fmp.com | | ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
