On Thu, Oct 27, 2011 at 9:54 AM, francis picabia <fpica...@gmail.com> wrote: > On Thu, Oct 27, 2011 at 9:37 AM, francis picabia <fpica...@gmail.com> wrote: >> Hello, >> >> We run a mailing list for staff which should not >> receive email from outside of the list membership. >> >> The only non-member address allowed to post is >> another mailing list. >> >> Today we received a post from p...@kijiji.ca >> and it made it through to the list. >> >> I see this in the post log file: >> >> Oct 26 18:21:41 2011 (2999) post to fyi from p...@kijiji.ca, >> size=5293, >> message-id=<1190302152.2079281319664066415.JavaMail.root@kj-classy012>, >> success >> >> We've tested this with a second small membership and restricted >> mailing list for our IT staff, and again a post from kijiji gets through. >> >> If we email from a gmail account or something, it is blocked as expected. >> >> In kijiji interface, they allow you to set up the sender, and this is >> likely passing the test for the sender, but it is only >> the sender in the envelope, which isn't reported in mailman >> (nor Postfix in what I saw). >> >> We've been running the same mailman 2.1.9 from Redhat for >> a few years and there has never been a problem like this before. >> >> I think we would prefer if both the sender From: and the envelope >> sender had to match, or had to both be allowed to post. >> >> Adding the p...@kijiji.ca address to the rejected senders did not block them, >> which isn't surprising as it is looking at the other subscribed sender. >> >> Anyone else have experiences with that or suggested approaches? >> > > I looked at older postings in this mailing list and it appears this is > a solution: > > Quoting Mark Sapiro: > >> If this is your Mailman installation, you could try putting >> >> SENDER_HEADERS = (None,) >> >> in mm_cfg.py. This would say that the post is considered to be from a >> member only if the envelope sender is a member." > > I'll try this. >
On second thought what we needed is similar, but probably: SENDER_HEADERS = ('from') Would there be problems "from" this? For internal emails we already use canonical_maps in postfix to standardize the from address into something predictable. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org