[Mailman-Users] non-subscriber managed to post to a subscriber only list

Grant Taylor gtaylor at riverviewtech.net
Tue Jan 27 16:25:25 CET 2009


On 01/26/09 20:30, Stephen J. Turnbull wrote:
> Sure.  Anybody who uses a single host to send mail but alters their 
> From according to the venue (me, for example).  Anybody whose MTA 
> identifies the envelope sender as user at actual-host.example.com, but 
> whose MUA identifies them as user at example.com in From.  Anybody whose 
> mail is handled on somebody else's account, and thus will have a 
> Sender header (typically Return-Path will more likely point to Sender 
> than From in that case).

I can see how altering your From (depending on where you are sending to) 
could be a possibility.  Though I think that the MTA sending out as 
<user>@<host>.<domain>.<tld> is a mis-configuration on the MTA's part. 
As far as the Sender: header, I can see that, thus I refine my statement 
such that either the (preferably) From: or the Sender: headers should 
match the SMTP envelope sender / Return-Path: header.

> It would be easy to implement in something like SpamAssassin.

*nod*

This may be a very valid point.  I wonder what it would take to add a 
new rule that would add a small score if things did not match like the 
likely should.  Every little bit helps and I don't think a little bit 
would hurt otherwise valid messages.



Grant. . . .


More information about the Mailman-Users mailing list