Grant Taylor wrote:
On 01/26/09 15:26, Mark Sapiro wrote:
All the headers of the spam post. In a default installation, if any of From:, Reply-To: or Sender: headers or the envelope sender as reflected in the Unix From or Return-Path: header contains a member address, the post will be deemed from that member.
Can this behavior be disabled? IMHO trusting the purported From: / Reply-To: / Sender: / From / Return-Path: headers is a fairly (being nice) "less than wise" thing to do.
You can change/limit which headers are used. See SENDER_HEADERS in Defaults.py, but as has been pointed out, in most cases, you want to look at something to determine if a post is from a list member.
If you're suggesting there should be further authentication of the purported sender, that would be a more difficult implementation and possibly more burdonsome than you would want for legitimate posters.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan