[Mailman-Users] Bypass List Moderation

Karl Zander kwz-mm at commpartners.com
Sun Jan 21 22:02:02 CET 2007

Thanks Mark.  The vette logs show several other messages 
approved at the same time as this suspect message.  I am 
guessing it was just an error on the list admins part.

We have a mischievous person forging From: headers and 
posting to the list as if they were that subscriber.  Any 
way to fight this besides moderating everything?  I have 
noted FAQ 3.46 so I am guessing that full moderation is 
our best way for now. mmreencrypt does not look too 


On Sun, 21 Jan 2007 12:36:25 -0800
  Mark Sapiro <msapiro at value.net> wrote:
> Karl Zander wrote:
>>It is possible to get around list moderation? We have a 
>>closed, moderated list. There is only one list 
>>administrator. He claims he did not approve a message 
>>was sent on to the list.
>>Is it possible to craft a message that already contains 
>>X-Mailman-Approved-At: header and get by moderation?
> That header is informational only. Including it in a 
>post won't affect
> moderation or other holds. You can bypass moderation by 
>including a
> Approved: password
> header where password is either the admin or moderator 
> You probably checked, but is the sender of the post a 
>moderated member?
>>Are there logs of moderations actions?
> Holds and approvals of held messages are logged in 
>Mailman's vette log.
> -- 
> Mark Sapiro <msapiro at value.net>       The highway is for 
> San Francisco Bay Area, California    better use your 
>sense - B. Dylan


More information about the Mailman-Users mailing list