[Mailman-Users] brainstorming sending options (approval ofmoderated messages)

[Mark Sapiro]

Christopher Adams wrote:

>I have a script that monthly removes the members of a list and then updates it from another file. 
>The default for all members is 'moderated',including the only person who will send messages,  so as 
>to prevent spammers from spoofing list owners email and sending to the 40,000 member list.


If you're not using bin/sync_members in your script, you might want to
consider it.


>I just need to clarify a couple of things about posting to lists. My tests show that if a subscriber 
>is moderated and also is listed as a non-member who has permission to post, a post from that person 
>is considered a post from a moderated member.
>
>So, assuming the above, the only way to allow this person to post without having to go through the 
>approval process would be to send a message with the  Approved: password as the first line.
>
>Could someone verify that this is correct? Are there any other configuration options that would make 
>this work without the sender having to intervene or send the Approved:password line?
>

I won't guarantee that there's no way, but as long as you don't change
the pipeline, I believe that there are no configurations that would
allow a moderated member to post without an Approved: header/line
without going through moderation.

Of course, if there are unmoderated members or non-members allowed to
post, the moderated member could spoof one of these other addresses
and post that way, but you seem to have that covered.

--
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan