Luke Daly wrote: >I have a large list (22000) users. it is configured with the following >settings : >Action to take when a moderated member posts to the list. = Discard >Action to take for postings from non-members for which no explicit action is >defined. = Discard >All users are moderated except where they are an administrator or moderator.
This is the problem. Did you see Brad's reply at <http://mail.python.org/pipermail/mailman-users/2008-April/061236.html> to your previous post. This is not a secure way to set up an announcement list. Anyone can send a post to the list spoofing the From: as one of the admin/moderator addresses. This might even happen accidentally with spam sent to a list spoofing the From: and just by chance hitting one of the unmoderated addresses. The secure way to handle posting to an announce list is to moderate everyone. Then if you want to discard or reject posts from members, you post from non-member addresses which you add to hold_these_nonmembers, and then have an admin/moderator approve the held post. Alternatively, if you want to be able to post without the post being held, the authorized posters need to know the list moderator password. They then put the header Approved: password where 'password' is the list admin or moderator password either as an actual header in the post or as the first line of the first plain text part of the posted message. This is discussed in Brad's reply and in <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.011.htp> which he referred to and also in <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.034.htp>. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
