Donna Dierker wrote: > >Recently, a spam message was successfully posted to mylist. The "From" >field showed myl...@myserver.edu (i.e., the same address that one uses >when posting *to* mylist). Looking in the list of subscribers, I don't >see 'mylist' as a member. And typically posts do not come from the >list; rather, they are just posted *to* the list *from* an individual >subscriber's email address. > >Why aren't posts *from* myl...@myserver.edu being rejected, since >myl...@myserver.edu is a non-member from the point of view of the list?
They should be. It may be too late to find why this one was accepted, but if you have access, you can find the post in the archives/private/LISTNAME.mbox/LISTNAME.mbox file and see some of the original headers. A post is considered to be from a list member if any of From:, Reply-To: or Sender: or the envelope sender is a list member. It is also possible, although not likely, that the spammer knows the list admin or moderator password and put an "Approved: password" header in the post, but if this was done, the evidence will be gone. >I thought about putting From: myl...@myserver.edu in the spam filter, >and setting the action to Hold; however, I don't want a message being >sent to everyone on mylist every time a spam message gets held for >moderator approval. I do, however, want these messages held, so I can >inspect them. (Or at least a copy emailed to me, the list moderator, >before the message is discarded.) This is difficult. You could use header_filter_rules to discard the message, but then you won't see it even with forward_auto_discards true because that applies only to moderated and non-member auto discards. If you hold the message, the notice to the sender, even if to the list, should not be accepted as it is from LISTNAME-bounces, but if you want to be really sure, you could set respond_to_post_requests to No so there is no held notice back to the poster. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9