Henry Hartley wrote:
>
>Looking at the header of one of the message, however, and I see that
>although they show up as From that single banned address, there are
>multiple addresses in the From field. At least one other of the
>addresses is a valid list address. I assume that as long as at least one
> From address is valid, mailman will let it through the gate. Is that
>right?
Yes, that is correct. Mailman considers a post to be from a member if
an address in any place defined in SENDER_HEADERS is a list member.
The default setting is
SENDER_HEADERS = ('from', None, 'reply-to', 'sender')
Which means that if any of the From: header, the envelope sender, the
Reply-To: header or the Sender: header contains a member address, the
post is considered to be from that member.
>Should there be some setting to only let in mail with a single
> From address? I can't see any reason to allow multiple From values.
The message standards (RFC 822, RFC 2822 and RFC 5322) allow multiple
addresses in From: headers.
>Or
>possibly a setting that says "all From addresses must be on the list".
Perhaps that would be useful, but it doesn't currently exist.
If this is your Mailman installation, you could try putting
SENDER_HEADERS = (None,)
in mm_cfg.py. This would say that the post is considered to be from a
member only if the envelope sender is a member.
This could potentially block legitimate mail From: a member with a
non-member envelope sender, e.g. if u...@example.com is a member and
the message is From: u...@example.com, but the envelope is from
u...@mail.example.com or users_alter_...@example.com, but I suspect it
might actually work OK, but you would need to set
generic_nonmember_action to Hold or Reject rather than Discard, at
least initially, to find the cases in which it doesn't work.
--
Mark Sapiro <m...@msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
