[Mailman-Users] How hard is it to spoof an email?
lists05 at equinephotoart.com
Sun Jan 29 21:15:56 CET 2006
Jp Possenti wrote:
> I have a couple of questions regarding that FAQ link:
> 1. Setting the max_num_recipients to 1 will mean that any time I make a
> newsletter to the public, I need to login and approve that request, correct?
The number of "recipients" is the number of addresses in the email you
compose. When you sent this message (that I'm replying to), you
addressed it to mailman-users at python.org which is just ONE recipient.
(To the mailman server, this message had only one recipient.) If you
had sent this message to mailman-users at python.org and also to the author
of the message you were replying to (via To or CC), then to the mailman
server this message would have had two recipients.
The max_num setting is used to help prevent users from sending messages
addressed "to" (or "cc") many different addresses in a single message.
In most case such messages are not messages you want distributed to your
list. This setting is usually used for discussion lists and the default
is left alone for announcement lists because you control who and how the
posts go to your list by using moderation and approved passwords, rather
than by limiting the number of recipients in the initial email.
> I am just confused about the wording of the command. Does that mean that the
> message will go through but just to 1 person in the list and the other say
> 499 people will not receive it?
No, it does not do that and there is no setting to do that.
> 2. For setting everyone's moderation bit on, I can figure that out as it's
> an option under General -> Additional settings. But for the second part
> regarding posting using an approved:header I don't see that option anywhere.
> How would this work?
I just updated the announcement list FAQ:
The approved header or first line has the following format:
If you are using this on the first line of your post, follow it
with a blank line. Mailman will recognize it as the "header" and
remove it from the body. Follow it with a blank line because the
line following the Approved: line is removed too (in Mailman 2.1.4
I don't know how HTML formatting and other email client oddities may
affect using the approved header in the first line of your post so I
can't be certain that this will work perfectly for you on your first
try. I've seen it happen where someone got confused, didn't use the
approved header as a first line correctly, then approved the message
using the web interface only to discover their message distributed to
the whole list with the password included in the message. So it's
usually a good idea to use a test list with 2 or 3 subscribers and
practice using the "first line of your post" approved password system a
few times so you can be sure that it works as you expect before you try
to use it on a large distribution list.
More information about the Mailman-Users