Jeremy Fairbrass wrote:
>
>I'm administering a Mailman list using version 2.1.14. It's a private list,
>whereby only list members can post to it ("generic_nonmember_action" is set to
>discard).
>
>I've just had an email sent through the list which was sent from a web service
>(Evite.com to be precise) by one of the list members. The email itself had an
>evite.com address in the From header, and had the list member's own address in
>the Reply-To header. The email was accepted by Mailman and delivered to all
>list members.
>
>This surprised me, as I assumed that a list member's address would have to be
>in the From field for it to be accepted, whereas in this case their address
>was exclusively in the Reply-To field. Is that how it's supposed to be? Surely
>Mailman should only consider the From field when checking the identity of the
>sender of the email?

A post is considered to be from a member if a member's address appears
in any of the headers (or envelope sender) appearing in the
SENDER_HEADERS setting. The Defaults.py setting for this is

SENDER_HEADERS = ('from', None, 'reply-to', 'sender')

meaning a post will be considered to be from the first member address
found in From:, the envelope sender, Reply-To: or Sender: if any of
those contains a member's address.

>Is there any setting in Mailman that will make it only consider the From field
>and not the Reply-To field when accepting an email?

If you want only the From: header to be considered, you can put

SENDER_HEADERS = ('from',)

in mm_cfg.py. (the parens and comma are important)

>Secondly, what's the best or appropriate way for me to then block emails from
>a third-party sender (such as Evite) which is using this Reply-To "trick", if
>I don't want those emails to be delivered to my list?

It's not a trick. If they were trying to trick you, they would put the
inviter's address in From:. They legitimately want to direct replies to
the e-vite back to the inviter.

>I tried putting the full evite.com email address into the
>"discard_these_nonmembers" field on the [Sender filters] page, but that didn't
>work. When I tested it afterwards, the email from Evite.com still was accepted
>by Mailman and not discarded.

Because non-member tests are applied only after the post is determined
to not be from a member.

>I suppose I could add the Evite address as an actual member, and then mark
>that member for moderation, but I'd rather not have to do that. I feel like I
>ought to be able to just add the Evite address to the discard list and have it
>automatically discarded there, or some similar solution. The Membership List
>page should really only be used for actual list members.

If you control the Mailman installation, you can set SENDER_HEADERS in
mm_cfg.py as above. If not, you can use Privacy options...
-> Spam filters -> header_filter_rules to discard messages with a header
regexp like for example:

^from:.*[@.]evite\.com([>\s]|$)

I tend to use a rule myself like

^Sender:.*linkedin.com>?$
^Return-Path:.*linkedin.com>?$
^Sender:.*homerunmail.com>?$
^Return-Path:.*homerunmail.com>?$
^Reply-To:.*homerunmail.com>?$
^Sender:.*facebookmail.com>?$
^Return-Path:.*facebookmail.com>?$

to get unwanted mail that is actually From: a member. I don't include
evite.com because ultimately, that mail is generated by a list member
and I would try to educate, moderate, remove the member first rather
than try to keep track of all the possible sources of such mail.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
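
The sender check described in the message above, as an added Python example (not part of the original post and not Mailman's own code): it walks SENDER_HEADERS in order for a constructed Evite-style message and then applies the post's header_filter_rules regexp. The addresses, the roster, and the function names member_sender and header_rule_hits are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message: service address in From:, member in Reply-To:.
RAW = (
    "From: Evite <info@evite.com>\n"
    "Reply-To: Alice <alice@example.org>\n"
    "To: list@example.net\n"
    "Subject: You're invited\n"
    "\n"
    "Party on Friday.\n"
)
ENVELOPE_SENDER = "bounce-123@evite.com"   # constructed envelope (MAIL FROM) value
MEMBERS = {"alice@example.org"}            # constructed membership roster

DEFAULT_SENDER_HEADERS = ("from", None, "reply-to", "sender")  # value quoted in the post
FROM_ONLY = ("from",)                                          # override from the post
EVITE_RULE = r"^from:.*[@.]evite\.com([>\s]|$)"                # regexp given in the post

def member_sender(msg, envelope, members, sender_headers):
    """Return the first member address found, checking sources in order.

    None in sender_headers stands for the envelope sender, as in the post.
    """
    for name in sender_headers:
        if name is None:
            candidates = [envelope] if envelope else []
        else:
            candidates = [addr for _, addr in getaddresses(msg.get_all(name, []))]
        for addr in candidates:
            if addr.lower() in members:
                return addr.lower()
    return None   # no member found: nonmember handling would apply next

def header_rule_hits(msg, pattern):
    """Apply a header_filter_rules-style regexp to the header block.

    Assumption: matching is case-insensitive and line-anchored (re.I | re.M).
    """
    headers = "\n".join(f"{k}: {v}" for k, v in msg.items())
    return re.search(pattern, headers, re.I | re.M) is not None

msg = message_from_string(RAW)
```

With the default tuple the message resolves to the member in Reply-To:, so a discard_these_nonmembers entry is never consulted; with ('from',) it resolves to no member at all.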