Mailman keying on Sender: Field
I noticed that Mailman keys on the Sender: field when you email in a subscription request. Is this really necessary? Is it possible to reconfigure Mailman to key on the From: field instead? Is this more or less desirable? Since confirmations are always in place it seems to me that there's enough protection as it is without using the Sender: field.
-- Roberto Ullfig : rullfig@uchicago.edu Systems Administrator Networking Services and Information Technologies University of Chicago
In message <38D8D47F.219AEA87@uchicago.edu>, Roberto Ullfig writes:
I noticed that Mailman keys on the Sender: field when you email in a subscription request. Is this really necessary? Is it possible to reconfigure Mailman to key on the From: field instead? Is this more or less desirable? Since confirmations are always in place it seems to me that there's enough protection as it is without using the Sender: field.
That will be in the 2.0 release. It's supposed to be supported in 1.1, but it's a little broken. I posted a patch to 1.1 that allows From matching, so you can check the archives and find it if you don't want to wait.
-- Ted Cabeen http://www.pobox.com/~secabeen secabeen@pobox.com Check Website or finger for PGP Public Key secabeen@midway.uchicago.edu "I have taken all knowledge to be my province." -F. Bacon cococabeen@aol.com "Human kind cannot bear very much reality."-T.S.Eliot 73126.626@compuserve.com
"RU" == Roberto Ullfig <rullfig@uchicago.edu> writes:
RU> I noticed that Mailman keys on the Sender: field when you
RU> email in a subscription request. Is this really necessary? Is
RU> it possible to reconfigure Mailman to key on the From: field
RU> instead? Is this more or less desirable? Since confirmations
RU> are always in place it seems to me that there's enough
RU> protection as it is without using the Sender: field.In Mailman 2.0 (currently at beta 1), this has been made much more consistent. There's a configuration variable called USE_ENVELOPE_SENDER which controls this; the default is now to use From: followed by Sender: then the envelope sender.
-Barry
"Barry A. Warsaw" wrote:
"RU" == Roberto Ullfig <rullfig@uchicago.edu> writes:
RU> I noticed that Mailman keys on the Sender: field when you RU> email in a subscription request. Is this really necessary? Is RU> it possible to reconfigure Mailman to key on the From: field RU> instead? Is this more or less desirable? Since confirmations RU> are always in place it seems to me that there's enough RU> protection as it is without using the Sender: field.In Mailman 2.0 (currently at beta 1), this has been made much more consistent. There's a configuration variable called USE_ENVELOPE_SENDER which controls this; the default is now to use From: followed by Sender: then the envelope sender.
That sounds good. I have a related question that perhaps someone on this list can answer. Can the Sender: field be changed by sendmail configuration? For instance would masquerading ever effect this field or is changing the Sender: field verboten?
-- Roberto Ullfig : rullfig@uchicago.edu Systems Administrator Networking Services and Information Technologies University of Chicago
participants (3)
-
Barry A. Warsaw -
Roberto Ullfig -
Ted Cabeen