[Mailman-Users] Getting Spam from Banned Address
mark at msapiro.net
Mon May 2 17:05:40 CEST 2011
Henry Hartley wrote:
>Looking at the header of one of the message, however, and I see that
>although they show up as From that single banned address, there are
>multiple addresses in the From field. At least one other of the
>addresses is a valid list address. I assume that as long as at least one
> From address is valid, mailman will let it through the gate. Is that
Yes, that is correct. Mailman considers a post to be from a member if
an address in any place defined in SENDER_HEADERS is a list member.
The default setting is
SENDER_HEADERS = ('from', None, 'reply-to', 'sender')
Which means that if any of the From: header, the envelope sender, the
Reply-To: header or the Sender: header contains a member address, the
post is considered to be from that member.
>Should there be some setting to only let in mail with a single
> From address? I can't see any reason to allow multiple From values.
The message standards (RFC 822, RFC 2822 and RFC 5322) allow multiple
addresses in From: headers.
>possibly a setting that says "all From addresses must be on the list".
Perhaps that would be useful, but it doesn't currently exist.
If this is your Mailman installation, you could try putting
SENDER_HEADERS = (None,)
in mm_cfg.py. This would say that the post is considered to be from a
member only if the envelope sender is a member.
This could potentially block legitimate mail From: a member with a
non-member envelope sender, e.g. if user at example.com is a member and
the message is From: user at example.com, but the envelope is from
user at mail.example.com or users_alter_ego at example.com, but I suspect it
might actually work OK, but you would need to set
generic_nonmember_action to Hold or Reject rather than Discard, at
least initially, to find the cases in which it doesn't work.
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users