Hi Mark, thank you for your reply and your helpful remarks.
Indeed, the messages carry an x-mailman-approved header (at lease some of them, others got probably through because then the modification flag was off again). The approved header carries a time stamp with a time zone - this is probably the time at the mailman server, not at the moderators location, right? The header lists -0400 as offset, so this is somewhere on the east coast of the US, probably the GNU mailing list server. Is this a fail assumption? Or would the time stamp carry information about the moderators time zone? I have followed your advice and changed the passwords - will see what happens now. Thanks! - Carsten On Jul 11, 2013, at 1:30 AM, Mark Sapiro <[email protected]> wrote: > On 07/10/2013 04:52 AM, Carsten Dominik wrote: >> >> I am running a mailing list where I have placed a single >> rogue user under moderation by turning on the >> moderation flag for this user. When I leave the interface, go >> back in, the flag is set for the user, as I want it. >> >> However, each time a mail arrives from the user, the flag >> somehow magically flips itself, the message goes through, >> and when I check the user data, the moderation flag is off now. > > > Are you the sole list owner/moderator. If so, change the password(s) and > don't tell anyone the new ones. > > >> I cannot find out how this is possible - I checked the >> whitelist (that is only for non-members, I think) and the >> user is not on it. > > > Yes, accept_these_nonmembers only applies to non members. This can > happen if someone other than you knows a moderator password and is > approving the message and clearing the members moderate flag as part of > the approval. > > If I had to guess, I would suspect that the rogue user has learned or > guessed the list moderator password and when he gets the notice that his > message is held, he approves it and clears his mod flag. > > Other possibilities are he has an agent doing this for him or another > moderator is doing it innocently. > > >> Any ideas where I should look for a problem in my settings? > > > I don't believe it is a problem with settings. I think it is a problem > with someone knowing a password and not behaving as you would wish. > > Do the messages that reach the list have an X-Mailman-Approved-At: header? > > Is admin_immed_notify Yes and do you get a notice of the held message > before it is delivered to the list? > > -- > Mark Sapiro <[email protected]> The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > ------------------------------------------------------ > Mailman-Users mailing list [email protected] > http://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ > Unsubscribe: > http://mail.python.org/mailman/options/mailman-users/carsten.dominik%40gmail.com ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
