On Thu, Oct 27, 2011 at 11:22 AM, francis picabia <fpica...@gmail.com> wrote:
> On Thu, Oct 27, 2011 at 10:07 AM, francis picabia <fpica...@gmail.com> wrote:
>> On Thu, Oct 27, 2011 at 9:54 AM, francis picabia <fpica...@gmail.com> wrote:
>>> On Thu, Oct 27, 2011 at 9:37 AM, francis picabia <fpica...@gmail.com> wrote:
>>>> Hello,
>>>>
>>>> We run a mailing list for staff which should not
>>>> receive email from outside of the list membership.
>>>>
>>>> The only non-member address allowed to post is
>>>> another mailing list.
>>>>
>>>> Today we received a post from p...@kijiji.ca
>>>> and it made it through to the list.
>>>>
>>>> I see this in the post log file:
>>>>
>>>> Oct 26 18:21:41 2011 (2999) post to fyi from p...@kijiji.ca,
>>>> size=5293,
>>>> message-id=<1190302152.2079281319664066415.JavaMail.root@kj-classy012>,
>>>> success
>>>>
>>>> We've tested this with a second small membership and restricted
>>>> mailing list for our IT staff, and again a post from kijiji gets through.
>>>>
>>>> If we email from a gmail account or something, it is blocked as expected.
>>>>
>>>> In kijiji interface, they allow you to set up the sender, and this is
>>>> likely passing the test for the sender, but it is only
>>>> the sender in the envelope, which isn't reported in mailman
>>>> (nor Postfix in what I saw).
>>>>
>>>> We've been running the same mailman 2.1.9 from Redhat for
>>>> a few years and there has never been a problem like this before.
>>>>
>>>> I think we would prefer if both the sender From: and the envelope
>>>> sender had to match, or had to both be allowed to post.
>>>>
>>>> Adding the p...@kijiji.ca address to the rejected senders did not block
>>>> them,
>>>> which isn't surprising as it is looking at the other subscribed sender.
>>>>
>>>> Anyone else have experiences with that or suggested approaches?
>>>>
>>>
>>> I looked at older postings in this mailing list and it appears this is
>>> a solution:
>>>
>>> Quoting Mark Sapiro:
>>>
>>>> If this is your Mailman installation, you could try putting
>>>>
>>>> SENDER_HEADERS = (None,)
>>>>
>>>> in mm_cfg.py. This would say that the post is considered to be from a
>>>> member only if the envelope sender is a member."
>>>
>>> I'll try this.
>>>
>>
>> On second thought what we needed is similar, but probably:
>>
>> SENDER_HEADERS = ('from')
>>
>> Would there be problems "from" this?
>>
>> For internal emails we already use canonical_maps in
>> postfix to standardize the from address into something
>> predictable.
>>
>
> This works, but of course it has caught someone using another
> unconventional list
> with a problem of the sort: "but it always worked this way before".
>
> I check out the /var/log/maillog area for signs the user
> is caught by this change, but oddly, nothing is
> appearing in the logs. It appears than restricting
> the SENDER_HEADERS this way causes no logging
> on the mailman end. Is there a way to fix this?
>
I've now removed the SENDER_HEADERS configuration. It was interfering
with too much delivery to our lists which should have gone through,
and without logging in mailman, I don't know why.
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
