[Mailman-Users] approved from non-subscriber

Mark Sapiro mark at msapiro.net
Fri Feb 20 05:10:09 CET 2015

On 02/19/2015 05:47 PM, Danil Smirnov wrote:
> Thanks Mark!
> And how about if this non-subscriber is included to the
> hold_these_nonmembers list in Privacy -- Sender filters?
> Is Approved: powerful enough to overpower this option?

Approved: with a valid password trumps (overrides) everything except
header_filter_rules, patterns in mm_cfg.KNOWN_SPAMMERS and
dmarc_moderation_action of reject or discard.

Historically, the only passwords that worked were the list admin and
list moderator password and anyone who knew those could approve held
posts after the fact so there was no reason to not let them pre-approve

The list poster password was added later to allow a less sensitive
password to be used to pre-approve posts to an otherwise moderated list
and uses the same approval mechanism.

The bottom line is people should only be given those passwords if they
can be trusted not to abuse them.

If you specifically need to hold a post From: someone even if it
contains a valid Approve: and you can't just change the password, I
think you can do it with header_filter_rules.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list