[Mailman-Users] non-subscriber managed to post to a subscriberonlylist
Grant Taylor
gtaylor at riverviewtech.net
Mon Jan 26 23:18:39 CET 2009
On 01/26/09 16:16, Mark Sapiro wrote:
> You can change/limit which headers are used. See SENDER_HEADERS in
> Defaults.py, but as has been pointed out, in most cases, you want to
> look at something to determine if a post is from a list member.
I'll take a look.
> If you're suggesting there should be further authentication of the
> purported sender, that would be a more difficult implementation and
> possibly more burdonsome than you would want for legitimate posters.
I know that it is easy to spoof a lot of things in email. Hence why I
was wanting to remove "Reply-To:", "Sender:", unix From, and "Return-Path:".
Indeed, having posters /prove/ who they are is likely going to be difficult.
Grant. . . .
More information about the Mailman-Users
mailing list