Hi all,
I'm administering a Mailman list using version 2.1.14. It's a private list,
whereby only list members can post to it ("generic_nonmember_action" is set to
discard).
I've just had an email sent through the list which was sent from a web service
(Evite.com to be precise) by one of the list members. The email itself had an
evite.com address in the From header, and had the list member's own address in
the Reply-To header. The email was accepted by Mailman and delivered to all
list members.
This surprised me, as I assumed that a list member's address would have to be
in the From field for it to be accepted, whereas in this case their address was
exclusively in the Reply-To field. Is that how it's supposed to be? Surely
Mailman should only consider the From field when checking the identity of the
sender of the email?
Is there any setting in Mailman that will make it only consider the From field
and not the Reply-To field when accepting an email?
Secondly, what's the best or appropriate way for me to then block emails from a
third-party sender (such as Evite) which is using this Reply-To "trick", if I
don't want those emails to be delivered to my list?
I tried putting the full evite.com email address into the
"discard_these_nonmembers" field on the [Sender filters] page, but that didn't
work. When I tested it afterwards, the email from Evite.com still was accepted
by Mailman and not discarded.
I suppose I could add the Evite address as an actual member, and then mark that
member for moderation, but I'd rather not have to do that. I feel like I ought
to be able to just add the Evite address to the discard list and have it
automatically discarded there, or some similar solution. The Membership List
page should really only be used for actual list members.
Regards,
Jeremy
------------------------------------------------------
Mailman-Users mailing list [email protected]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
