On 10/05/2017 02:24 AM, Sebastian Jung wrote:
> Hi all,
>
> I administrate a Mailinglist where by default only members of the list are
> allowed to post messages. Lately we have Spam-Emails where the creator
> uses a "From"-Address in the form of:
>
> [email protected] <[email protected]>
>
> Mailman does not block those Emails since the known and allowed
> Email-address appears within the From-Field although it is just part of
> the name tag.

That is not the reason why Mailman is allowing this post as a member
post. Mailman understands the difference between a display name and an
email address in a From: header.

Mailman's membership checks look at more than just From:. By default,
Mailman looks at the From: header, the envelope sender and the Reply-To:
and Sender: headers. If any of those which exists contains a list member
address, the post is considered to be from the member.

You can reduce that list installation-wide by putting a setting for
SENDER_HEADERS in Mailman/mm_cfg.py - see the documentation in
Mailman/Defaults.py. For example, putting
SENDER_HEADERS = ('from',) in mm_cfg.py will mean only the From: header
is checked for list membership.

Note also that you won't see the original envelope sender or Sender:
header in the delivered post or archives, nor will you see the original
Reply-To: if the list is configured to remove it, but the original
envelope sender and Sender: if any will be in the
archives/private/LISTNAME.mbox/LISTNAME.mbox file, and the envelope
sender will probably be in MTA logs.

--
Mark Sapiro <[email protected]> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
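
Added example (not part of the original message and not Mailman's own code): a small model of the membership check described in the reply, reporting which sender source makes a post count as a member post under the default set and under SENDER_HEADERS = ('from',). The addresses, member list and function names are constructed for illustration, and using None to stand for the envelope sender is an assumption of this sketch.

```python
from email import message_from_string
from email.utils import getaddresses

# Sender sources in the order the reply lists them; None stands for the
# envelope sender (assumption of this sketch).
DEFAULT_SENDER_HEADERS = ('from', None, 'reply-to', 'sender')
FROM_ONLY = ('from',)


def candidate_senders(msg, envelope_sender, sender_headers):
    """Return (source, address) pairs; display names are never treated as addresses."""
    found = []
    for name in sender_headers:
        if name is None:
            source = 'envelope'
            values = [envelope_sender] if envelope_sender else []
        else:
            source = name
            values = msg.get_all(name, [])
        for _display, addr in getaddresses(values):
            if addr:
                found.append((source, addr.lower()))
    return found


def matched_member(msg, envelope_sender, members, sender_headers):
    """Return the first (source, address) that is a list member, or None."""
    for source, addr in candidate_senders(msg, envelope_sender, sender_headers):
        if addr in members:
            return (source, addr)
    return None


# Constructed sample: the member address is only a display name in From:,
# but it is a real address in Sender:.
MEMBERS = {'member@lists.example'}
MSG = message_from_string(
    'From: "member@lists.example" <outsider@bulk.example>\n'
    'Sender: member@lists.example\n'
    'Subject: constructed test message\n'
    '\n'
    'body\n'
)
ENVELOPE = 'bounce@bulk.example'

if __name__ == '__main__':
    print(matched_member(MSG, ENVELOPE, MEMBERS, DEFAULT_SENDER_HEADERS))
    print(matched_member(MSG, ENVELOPE, MEMBERS, FROM_ONLY))
```

Running the same check over messages from archives/private/LISTNAME.mbox/LISTNAME.mbox shows which header let a given post through, since that file keeps the original Sender: header.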