On Tue, Nov 13, 2012 at 04:03:32PM -0200, Rodrigo Abrantes Antunes wrote: > In my case, I found that the return-path header is the address of the > original sender, so how could I add a rule in mailman to deny posts with > return-path's address that are not members?
The envelope-sender can also be spoofed trivially. If you want to prevent someone from sending email as someone who *is* approved to post to the list, I think your safest bet is to require approval for all posts to the list -- in other words, set the action for posts by moderated members allowed to post to 'hold', and have the moderate bit set even for users who are allowed to post. w ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
