On 3/11/2004 10:32, "Jerold Stratton" <[EMAIL PROTECTED]> wrote:
> On Thursday, March 11, 2004, at 09:50 AM, ted wrote: >> I just posted a bug ticket for this problem. You are the 3rd or 4th >> person, including me, to have reported this to mailman-users >> recently. The bug ticket is here: >> http://sourceforge.net/tracker/?group_id=103&atid=100103 >> >> Please add your comments to the item so the developers take this >> seriously. If you don't have a SourceForge account, you can create one >> here: http://sourceforge.net/account/register.php >> > > I've been having this problem also, but while I'm sure the developers > are taking it seriously, I'm not sure what they can do. E-mail has only > one means of determining who something is from: the envelope from. > > They could match the envelope to the from: line, but that's hardly a > fix. The from: line is just as easy to forge as the envelope. > > The only way I can see of them "fixing" it is to disallow any > non-moderated users or administrators. They could force all messages, > even from list admins, to be moderated. I don't see that going over > very well. Any address which is automatically allowed to post is an opening for forged posts. I suggested a couple of years ago in the developers list that consideration be given to creating an option in which situations like this are handled by digitally signing the messages from the blessed senders, and having Mailman check the signatures and reject unsigned and non-verifying messages. Doing this is decidedly non-trivial, and doing the signing may be beyond some blessed senders' email abilities. At the MTA level, one could specifically reject messages to the list posting address which have the right envelope sender but don't come from the "right" place(s) for that particular sender. But it's probably easier to have the blessed senders moderated, unless there's a high volume of posting by them. (In many cases, if you can trust them to post, you can trust them to moderate, now that Mailman as the moderator level of access to the list. So they can pass their own messages through moderation.) --John ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
