[Mailman-Users] Blocking messages from kijiji (SENDER_HEADERS solution interferes with logging?)
fpicabia at gmail.com
Thu Oct 27 16:22:56 CEST 2011
On Thu, Oct 27, 2011 at 10:07 AM, francis picabia <fpicabia at gmail.com> wrote:
> On Thu, Oct 27, 2011 at 9:54 AM, francis picabia <fpicabia at gmail.com> wrote:
>> On Thu, Oct 27, 2011 at 9:37 AM, francis picabia <fpicabia at gmail.com> wrote:
>>> We run a mailing list for staff which should not
>>> receive email from outside of the list membership.
>>> The only non-member address allowed to post is
>>> another mailing list.
>>> Today we received a post from post at kijiji.ca
>>> and it made it through to the list.
>>> I see this in the post log file:
>>> Oct 26 18:21:41 2011 (2999) post to fyi from post at kijiji.ca,
>>> size=5293, message-id=<1190302152.2079281319664066415.JavaMail.root at kj-classy012>,
>>> We've tested this with a second small membership and restricted
>>> mailing list for our IT staff, and again a post from kijiji gets through.
>>> If we email from a gmail account or something, it is blocked as expected.
>>> In kijiji interface, they allow you to set up the sender, and this is
>>> likely passing the test for the sender, but it is only
>>> the sender in the envelope, which isn't reported in mailman
>>> (nor Postfix in what I saw).
>>> We've been running the same mailman 2.1.9 from Redhat for
>>> a few years and there has never been a problem like this before.
>>> I think we would prefer if both the sender From: and the envelope
>>> sender had to match, or had to both be allowed to post.
>>> Adding the post at kijiji.ca address to the rejected senders did not block them,
>>> which isn't surprising as it is looking at the other subscribed sender.
>>> Anyone else have experiences with that or suggested approaches?
>> I looked at older postings in this mailing list and it appears this is
>> a solution:
>> Quoting Mark Sapiro:
>>> If this is your Mailman installation, you could try putting
>>> SENDER_HEADERS = (None,)
>>> in mm_cfg.py. This would say that the post is considered to be from a
>>> member only if the envelope sender is a member."
>> I'll try this.
> On second thought what we needed is similar, but probably:
> SENDER_HEADERS = ('from')
> Would there be problems "from" this?
> For internal emails we already use canonical_maps in
> postfix to standardize the from address into something
This works, but of course it has caught someone using another
with a problem of the sort: "but it always worked this way before".
I check out the /var/log/maillog area for signs the user
is caught by this change, but oddly, nothing is
appearing in the logs. It appears than restricting
the SENDER_HEADERS this way causes no logging
on the mailman end. Is there a way to fix this?
More information about the Mailman-Users