[Mailman-Users] Anonymous emails with the sender information

Stephen J. Turnbull stephen at xemacs.org
Mon Jun 13 04:20:21 CEST 2011


Nigel Woodley writes:

 > I understand other mailman type products offer this functionality for the
 > very reason that I have outlined.

What you are saying implies that an explicitly untrusted host is
allowed to inject content into a secure network based on the most
easily forged identification on the Internet.  This seems unlikely to
be true to me, and if true, I would say the security policy is broken.

Are you sure you understand the actual rules for mail distribution on
this network?  I have to suspect that even if you got what you say you
want, you still would not be able to distribute posts via a Mailman
based on that host.

There are better methods for identification like DKIM (though they
still have technical problems w.r.t. mailing lists).  Perhaps such a
protocol is in use on your network and you need not munge headers at
all (in fact, you can not munge DKIM-signed headers without breaking
DKIM).

HTH
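
The point about DKIM-signed headers can be checked mechanically before a list rewrites anything. The following is an added example, not part of the original message or of Mailman's code: it reads the h= tag of each DKIM-Signature on a message and reports which planned header changes would invalidate the signature. The sample message, its placeholder bh=/b= values and the function names are constructed for illustration; only header coverage is checked, not the body hash.

```python
import email
from email import policy

# Constructed sample message (not from the thread); bh=/b= are placeholders.
SAMPLE = b"""\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.org; s=sel1;
 h=From : To:Subject:Date:Reply-To; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@example.org>
To: list@lists.example.net
Subject: Quarterly report
Date: Mon, 13 Jun 2011 04:20:21 +0200

Body text.
"""

def signed_headers(sig_value):
    """Return the lower-cased header names listed in the h= tag."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, _, value = part.partition("=")
            # Folding whitespace may appear around tag names and inside values.
            tags[name.strip()] = "".join(value.split())
    return [h.lower() for h in tags.get("h", "").split(":") if h]

def munges_that_break_dkim(raw_message, planned_headers):
    """Map each planned header change that a signature covers to how it breaks.

    planned_headers: names of headers the list would rewrite or add.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.compat32)
    broken = {}
    for sig in msg.get_all("DKIM-Signature", []):
        covered = set(signed_headers(sig))
        for name in planned_headers:
            if name.lower() in covered:
                # A name in h= is covered even when the header is absent
                # (over-signing), so adding it later also fails verification.
                present = msg.get(name) is not None
                broken[name.lower()] = "rewritten" if present else "added"
    return broken

if __name__ == "__main__":
    # From is always in h= (RFC 6376 requires it), so From munging always breaks.
    print(munges_that_break_dkim(SAMPLE, ["From", "Reply-To", "X-Mailman-Version"]))
```
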

