[Mailman-Users] non-subscriber managed to post to a subscriberonlylist

Grant Taylor gtaylor at riverviewtech.net
Mon Jan 26 23:18:39 CET 2009

On 01/26/09 16:16, Mark Sapiro wrote:
> You can change/limit which headers are used. See SENDER_HEADERS in 
> Defaults.py, but as has been pointed out, in most cases, you want to 
> look at something to determine if a post is from a list member.

I'll take a look.

> If you're suggesting there should be further authentication of the 
> purported sender, that would be a more difficult implementation and 
> possibly more burdonsome than you would want for legitimate posters.

I know that it is easy to spoof a lot of things in email.  Hence why I 
was wanting to remove "Reply-To:", "Sender:", unix From, and "Return-Path:".

Indeed, having posters /prove/ who they are is likely going to be difficult.

Grant. . . .

More information about the Mailman-Users mailing list