Mark Sapiro writes:

 > This is all irrelevant. Since the posts from Gmane are arriving via the
 > NNTP gateway, no membership tests whatsoever are applied to the post -
 > no list member, no moderation, no *_these_nonmembers.

Are you sure?  The way I read

    Received: from lo.gmane.org ([80.91.229.12])
        by panda.hostingbay.net with esmtps (TLSv1:AES256-SHA:256)
        (Exim 4.69) (envelope-from <gcf-listn...@m.gmane.org>)
        id 1NXp0a-0004MT-1K
        for listn...@mydomain; Thu, 21 Jan 2010 15:51:11 +1100

is that it's coming in by SMTP, not via NNTP.

In the post as John receives it, we have

    Sender: listname-boun...@mydomain

but elsewhere he reports that the mbox file contains

    From gcf-myl...@m.gmane.org Thu Jan 21 00:10:24 2010
    Sender: news <n...@ger.gmane.org>
    From: "poster" <pos...@hotmail.com>

So the news@ Sender: should have nothing to do with the stealth
approval via gmane, and the gcf-mylist@ envelope sender presumably is
what is getting those posts through when "poster" is *not* a member.
(I think that envelope sender is a bug in Gmane.)

AFAICS, just moderate gcf-myl...@m.gmane.org and Gmane will no longer
be a vector for stealth posts by nonmembers.  When "poster" is a
member, From: is checked by Mailman before Sender: or the envelope
sender, so will be approved automatically.

 > >There are so many headers I am totally confused as to which ones
 > >can/should be filtered on and which ones shouldn't be.

Up to now, you didn't need to ask, because we didn't know either.
This is very complex, and cannot be simplified at this stage.  For
now, just follow instructions, get the information we need and install
and test the necessary Mailman options.

Getting the information is done, I think.  The next step is to try the
setting the option, either live on your list (slight risk of getting
through which would be a minor nuisance to your member) or borrow
William Bagwell's test list (if that's what he has set up, AIUI).

Once you're satisfied that it's working as you want, *then* we can
explain enough, in straightforward and concrete terms, so that you can
be confident it will keep working, and have some background info about
your own setup if something goes wonky in the future.  (You probably
won't be able to fix it on your own, but if and when you come back,
we'll be able to get to the point much quicker than this time.)
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Reply via email to