[Mailman-Users] Sender's address only in Reply-to field

Tue, 12 Jun 2012 10:38:00 -0700 

Hi all,

I'm administering a Mailman list using version 2.1.14. It's a private list, 
whereby only list members can post to it ("generic_nonmember_action" is set to 
discard).

I've just had an email sent through the list which was sent from a web service 
(Evite.com to be precise) by one of the list members. The email itself had an 
evite.com address in the From header, and had the list member's own address in 
the Reply-To header. The email was accepted by Mailman and delivered to all 
list members.

This surprised me, as I assumed that a list member's address would have to be 
in the From field for it to be accepted, whereas in this case their address was 
exclusively in the Reply-To field. Is that how it's supposed to be? Surely 
Mailman should only consider the From field when checking the identity of the 
sender of the email?

Is there any setting in Mailman that will make it only consider the From field 
and not the Reply-To field when accepting an email?

Secondly, what's the best or appropriate way for me to then block emails from a 
third-party sender (such as Evite) which is using this Reply-To "trick", if I 
don't want those emails to be delivered to my list?

I tried putting the full evite.com email address into the 
"discard_these_nonmembers" field on the [Sender filters] page, but that didn't 
work. When I tested it afterwards, the email from Evite.com still was accepted 
by Mailman and not discarded.

I suppose I could add the Evite address as an actual member, and then mark that 
member for moderation, but I'd rather not have to do that. I feel like I ought 
to be able to just add the Evite address to the discard list and have it 
automatically discarded there, or some similar solution. The Membership List 
page should really only be used for actual list members.

Regards,
Jeremy


------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Reply via email to