[Mailman-Users] non-subscriber managed to post to a subscriberonly list
fmouse-mailman at fmp.com
Mon Jan 26 23:38:54 CET 2009
On Mon, 2009-01-26 at 15:26 -0700, Steve Lindemann wrote:
> Thanks! Got it! They spoofed a legitimate list member on the
> Return-Path:, which also showed up on the first ("From ") message header
Both of these reflect the envelope sender address used in the SMTP
dialog with the mail server.
> I don't suppose there's anything we can do about this other than change
> that particular user's email address... is there?
You can restrict the set of headers used to identify subscribers using
the SENDER_HEADERS variable in mm_cfg.py, as Mark indicated. By default
(in Defaults.py) this is:
SENDER_HEADERS = ('from', None, 'reply-to', 'sender')
You can eliminate the envelope sender address from the mix by setting
this simply to:
SENDER_HEADERS = ('from', 'reply-to')
or drop 'reply-to' if you want to be even more restrictive.
Lindsay Haisley |"Fighting against human | PGP public key
FMP Computer Services | creativity is like | available at
512-259-1190 | trying to eradicate |<http://pubkeys.fmp.com>
http://www.fmp.com | dandelions" |
| (Pamela Jones) |
More information about the Mailman-Users