Actually, another test post I sent to a list with a similar configuration just got *posted*, based solely on the Reply-To header (list configuration appended below).

When I posted from artx@sigilservices.com to this other list, which is not subscribed to the list, it got properly rejected (with the nonmember_rejection_notice text).

HOWEVER, when I changed the Reply-To (in the Thunderbird account settings) to athomps@adf.org, which /is/ subscribed to the list, it got *posted* to the list.

Is there something I'm missing here - is this normal behavior?

It doesn't seem to me like someone should be able to post a message to a private list just by changing the Reply-To field to an address they know is on the private list.

thanks, Anthony

config_list -o - adf-mg | egrep -v '#' | egrep -v '^ *$'

real_name = 'ADF-MG' owner = ['adfx@adf.org', 'drumx@yahoo.com', 'athomps@adf.org'] moderator = [] description = 'ADF-MG Mailing List' info = '' subject_prefix = '[adf-mg] ' anonymous_list = False first_strip_reply_to = 1 reply_goes_to_list = 1 reply_to_address = '' umbrella_list = False umbrella_member_suffix = '-owner' send_reminders = 0 welcome_msg = 'Please note: All ADF electronic forums are moderated; the moderation policy is located at http://www.adf.org/forums/lists/moderation.html and you can always reach a human being at adf-listmasterx@adf.org' send_welcome_msg = 0 goodbye_msg = 'If there are any reasons you chose to leave the list that you would like to share, please feel free to email us at adf-listmasterx@adf.org or adf-members-advocatex@adf.org' send_goodbye_msg = 0 admin_immed_notify = True admin_notify_mchanges = 1 respond_to_post_requests = 1 emergency = 0 new_member_options = 0 administrivia = True max_message_size = 0 admin_member_chunksize = 50 host_name = 'lists.adf.org' include_rfc2369_headers = 1 include_list_post_header = 1 max_days_to_hold = 0 preferred_language = 'en' available_languages = ['en'] encode_ascii_prefixes = 0 nondigestable = True msg_header = '' msg_footer = """___________________________________________________________

Unsub: http://www.adf.org/forums/unsubscribe.html?%(list_name)s List archives: http://lists.adf.org/archives/%(list_name)s/ Moderation policy: http://www.adf.org/forums/moderation.html Questions? Mail a human being at ADF-Listmasterx@ADF.ORG""" scrub_nondigest = False regular_exclude_lists = [] regular_include_lists = [] digestable = True digest_is_default = False mime_is_default_digest = False digest_size_threshhold = 50 digest_send_periodic = True digest_header = '' digest_footer = """___________________________________________________________ Unsub: http://www.adf.org/forums/unsubscribe.html?%(list_name)s List archives: http://lists.adf.org/archives/%(list_name)s/ Moderation policy: http://www.adf.org/forums/moderation.html Questions? Mail a human being at ADF-Listmasterx@ADF.ORG""" digest_volume_frequency = 3 advertised = 0 subscribe_policy = 2 unsubscribe_policy = 0 ban_list = [] private_roster = 1 obscure_addresses = 0 default_member_moderation = 0 member_moderation_action = 0 member_moderation_notice = 'If you have any questions about this notice, please contact adf-listmasterx@adf.org' accept_these_nonmembers = [] hold_these_nonmembers = [] reject_these_nonmembers = [] discard_these_nonmembers = [] generic_nonmember_action = 2 forward_auto_discards = 0 nonmember_rejection_notice = """You attempted to post to an ADF mailing list you do not appear to be subscribed to.""" require_explicit_destination = 1 acceptable_aliases = '' max_num_recipients = 8 header_filter_rules = [] bounce_matching_headers = '' bounce_processing = True bounce_score_threshold = 5.0 bounce_info_stale_after = 7 bounce_you_are_disabled_warnings = 3 bounce_you_are_disabled_warnings_interval = 7 bounce_unrecognized_goes_to_list_owner = True bounce_notify_owner_on_disable = True bounce_notify_owner_on_removal = True archive = True archive_private = 1 archive_volume_frequency = 3 nntp_host = '' linked_newsgroup = '' gateway_to_news = 0 gateway_to_mail = 0 news_moderation = 0 news_prefix_subject_too = 1 autorespond_postings = 0 autoresponse_postings_text = '' autorespond_admin = 0 autoresponse_admin_text = '' autorespond_requests = 0 autoresponse_request_text = '' autoresponse_graceperiod = 90 filter_content = 1 filter_mime_types = '' pass_mime_types = '' filter_filename_extensions = """exe bat cmd com pif scr vbs cpl""" pass_filename_extensions = '' collapse_alternatives = True convert_html_to_plaintext = True filter_action = 1 topics_enabled = 0 topics_bodylines_limit = 5 topics = []

list_members adf-mg robbx@illious.com athenax@gmail.com athomps@adf.org savagex@syzygytraining.com kirkx@mac.com drlindax@aol.com lipx@chainolakescamp.com dragonx@hotmail.com drumx@lycos.com seamusx@gmail.com lenex@zoomtown.com kipx@dragonskeep.us