Grant Taylor wrote: >On 01/26/09 15:26, Mark Sapiro wrote: >> All the headers of the spam post. In a default installation, if any >> of From:, Reply-To: or Sender: headers or the envelope sender as >> reflected in the Unix From or Return-Path: header contains a member >> address, the post will be deemed from that member. > >Can this behavior be disabled? IMHO trusting the purported From: / >Reply-To: / Sender: / From / Return-Path: headers is a fairly (being >nice) "less than wise" thing to do.
You can change/limit which headers are used. See SENDER_HEADERS in Defaults.py, but as has been pointed out, in most cases, you want to look at something to determine if a post is from a list member. If you're suggesting there should be further authentication of the purported sender, that would be a more difficult implementation and possibly more burdonsome than you would want for legitimate posters. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
