[Mailman-Users] non-subscriber managed to post to a subscriber only list

Lindsay Haisley fmouse-mailman at fmp.com
Mon Jan 26 22:55:07 CET 2009

On Mon, 2009-01-26 at 15:44 -0600, Grant Taylor wrote:
> On 01/26/09 15:26, Mark Sapiro wrote:
> > All the headers of the spam post. In a default installation, if any 
> > of From:, Reply-To: or Sender: headers or the envelope sender as 
> > reflected in the Unix From or Return-Path: header contains a member 
> > address, the post will be deemed from that member.
> Can this behavior be disabled?  IMHO trusting the purported From: / 
> Reply-To: / Sender: / From / Return-Path: headers is a fairly (being 
> nice) "less than wise" thing to do.

This kind of defeats the purpose, by definition, of a non-moderated,
subscribers-only list.  This would be the equivalent of setting
everyone's mod flag on, at which point it becomes a moderated list.
Either you allow subscribers to post, or you don't, and given the
manifest security flaws in the standards described in the email RFCs,
there's really no way around this.

Lindsay Haisley
FMP Computer Services |       if you let it" |      available at
512-259-1190          |    (The Roadie)      | http://pubkeys.fmp.com
http://www.fmp.com    |                      |
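
The sender-matching rule quoted in this message, as an added Python example (not Mailman's own code and not part of the original post). It shows which header caused a post to be treated as coming from a member. The function names, the `sources` parameter, and the sample addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample data: one member, and a post whose From: is a
# non-member address but whose Reply-To: names the member.
MEMBERS = {"alice@example.org"}
SAMPLE_POST = """\
Return-Path: <bulk@sender.invalid>
From: Someone Else <bulk@sender.invalid>
Reply-To: alice@example.org
Subject: constructed test message

body
"""

# Sources named in the quoted description; None stands for the envelope sender.
DEFAULT_SOURCES = ("from", "reply-to", "sender", None)


def candidate_senders(msg, envelope_sender, sources=DEFAULT_SOURCES):
    """Return every lowercased address found in the given sources."""
    found = []
    for src in sources:
        if src is None:
            if envelope_sender:
                found.append(envelope_sender.lower())
            continue
        values = msg.get_all(src, [])
        found.extend(addr.lower() for _, addr in getaddresses(values) if addr)
    return found


def matched_member(msg, envelope_sender, members, sources=DEFAULT_SOURCES):
    """Return the first member address found in any source, else None."""
    for addr in candidate_senders(msg, envelope_sender, sources):
        if addr in members:
            return addr
    return None


def which_sources_matched(msg, envelope_sender, members):
    """Audit helper: list the sources that supplied a member address."""
    return [src or "envelope" for src in DEFAULT_SOURCES
            if matched_member(msg, envelope_sender, members, (src,))]
```

Run over a held or delivered message, `which_sources_matched` tells a list owner whether the membership match came from From: or from one of the other sources.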

