On Thu, Oct 27, 2011 at 10:07 AM, francis picabia <fpica...@gmail.com> wrote: > On Thu, Oct 27, 2011 at 9:54 AM, francis picabia <fpica...@gmail.com> wrote: >> On Thu, Oct 27, 2011 at 9:37 AM, francis picabia <fpica...@gmail.com> wrote: >>> Hello, >>> >>> We run a mailing list for staff which should not >>> receive email from outside of the list membership. >>> >>> The only non-member address allowed to post is >>> another mailing list. >>> >>> Today we received a post from p...@kijiji.ca >>> and it made it through to the list. >>> >>> I see this in the post log file: >>> >>> Oct 26 18:21:41 2011 (2999) post to fyi from p...@kijiji.ca, >>> size=5293, >>> message-id=<1190302152.2079281319664066415.JavaMail.root@kj-classy012>, >>> success >>> >>> We've tested this with a second small membership and restricted >>> mailing list for our IT staff, and again a post from kijiji gets through. >>> >>> If we email from a gmail account or something, it is blocked as expected. >>> >>> In kijiji interface, they allow you to set up the sender, and this is >>> likely passing the test for the sender, but it is only >>> the sender in the envelope, which isn't reported in mailman >>> (nor Postfix in what I saw). >>> >>> We've been running the same mailman 2.1.9 from Redhat for >>> a few years and there has never been a problem like this before. >>> >>> I think we would prefer if both the sender From: and the envelope >>> sender had to match, or had to both be allowed to post. >>> >>> Adding the p...@kijiji.ca address to the rejected senders did not block >>> them, >>> which isn't surprising as it is looking at the other subscribed sender. >>> >>> Anyone else have experiences with that or suggested approaches? >>> >> >> I looked at older postings in this mailing list and it appears this is >> a solution: >> >> Quoting Mark Sapiro: >> >>> If this is your Mailman installation, you could try putting >>> >>> SENDER_HEADERS = (None,) >>> >>> in mm_cfg.py. This would say that the post is considered to be from a >>> member only if the envelope sender is a member." >> >> I'll try this. >> > > On second thought what we needed is similar, but probably: > > SENDER_HEADERS = ('from') > > Would there be problems "from" this? > > For internal emails we already use canonical_maps in > postfix to standardize the from address into something > predictable. >
This works, but of course it has caught someone using another unconventional list with a problem of the sort: "but it always worked this way before". I check out the /var/log/maillog area for signs the user is caught by this change, but oddly, nothing is appearing in the logs. It appears than restricting the SENDER_HEADERS this way causes no logging on the mailman end. Is there a way to fix this? ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org