[Mailman-Users] determine the sender's email address?

Mark Sapiro msapiro at value.net
Fri Jun 9 01:32:16 CEST 2006

Jennifer Oxelson wrote:
>How does Mailman recognize/determine the sender's email address?  E.g., 

Quoting from Defaults.py

# Membership tests for posting purposes are usually performed by
looking at a
# set of headers, passing the test if any of their values match a
member of
# the list.  Headers are checked in the order given in this variable. 
# value None means use the From_ (envelope sender) header.  Field names
# case insensitive.
SENDER_HEADERS = ('from', None, 'reply-to', 'sender')

The above is used to determine whether or not the post was sent by a
list member. If it is determined that none of the SENDER_HEADERS
addresses is a list member, then the sender for additional tests
(*_these_nonmembers) depends on USE_ENVELOPE_SENDER. If
USE_ENVELOPE_SENDER is No, it is the first address found in From: if
any, else Sender:. If USE_ENVELOPE_SENDER is Yes, it is the Sender: if
any, else first From:.

>Also, has anyone ever encountered any issues with spoofing when 
>configuring the sender filters of a list to accept/reject addresses via 
>a specified domain?  E.g., Mailman FAQ Entry #3.33:  How do I accept or 
>reject all addresses from a particular domain?  

Probably. It is easy enough to spoof the From: or other addresses. If I
know you accept any address @example.com, I can spoof that. As I note
above, the address which is matched against accept_these_nonmembers is
jenerally either From: or Sender: depending on the mm_cfg.py setting

Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list