Hello,

We run a mailing list for staff which should not
receive email from outside of the list membership.

The only non-member address allowed to post is
another mailing list.

Today we received a post from p...@kijiji.ca
and it made it through to the list.

I see this in the post log file:

Oct 26 18:21:41 2011 (2999) post to fyi from p...@kijiji.ca, size=5293, message-id=<1190302152.2079281319664066415.JavaMail.root@kj-classy012>, success

We've tested this with a second small membership and restricted
mailing list for our IT staff, and again a post from kijiji gets through.

If we email from a gmail account or something, it is blocked as expected.

In the kijiji interface, they allow you to set up the sender, and this is
likely passing the test for the sender, but it is only
the sender in the envelope, which isn't reported in Mailman
(nor in Postfix, from what I saw).

We've been running the same Mailman 2.1.9 from Red Hat for
a few years and there has never been a problem like this before.

I think we would prefer if both the sender From: and the envelope
sender had to match, or had to both be allowed to post.

Adding the p...@kijiji.ca address to the rejected senders did not block them,
which isn't surprising as it is looking at the other subscribed sender.

Anyone else have experiences with that or suggested approaches?
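
The difference between the two sender checks discussed in the post, as an added example that is not part of the original post and is not Mailman code: a loose policy accepts a message when any sender is allowed, while the strict policy the poster asks for requires the envelope sender and every From: address to be allowed. All addresses, the function names and the sample message are constructed; the envelope sender is assumed to be handed over by the MTA.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def norm(addr):
    """Bare lower-cased address, or '' if nothing parses (e.g. '<>')."""
    return parseaddr(addr or "")[1].strip().lower()


def header_from(raw):
    """Every address found in the message's From: header(s)."""
    msg = message_from_string(raw)
    return {a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a}


def any_sender_allowed(raw, envelope_sender, allowed):
    """Loose policy: one allowed sender of either kind is enough."""
    return bool((header_from(raw) | {norm(envelope_sender)}) & allowed)


def all_senders_allowed(raw, envelope_sender, allowed):
    """Strict policy: envelope sender AND every From: address are allowed."""
    env, hdr = norm(envelope_sender), header_from(raw)
    # A null envelope sender or a missing From: header never passes.
    return bool(env) and bool(hdr) and env in allowed and hdr <= allowed


# Constructed data: the header From: is an outside service, while the
# envelope sender used below is an address that is allowed to post.
ALLOWED = {"staff.member@example.org", "other-list@example.org"}
SAMPLE = (
    "From: Outside Service <post@outside.example>\n"
    "To: fyi@example.org\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    env = "staff.member@example.org"
    print("loose :", any_sender_allowed(SAMPLE, env, ALLOWED))
    print("strict:", all_senders_allowed(SAMPLE, env, ALLOWED))
```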