On 10/05/2017 02:24 AM, Sebastian Jung wrote: > Hi all, > > I administrate a Mailinglist where by default only members of the list are > allowed to post messages. Lately we have Spam-Emails where the creator > uses a "From"-Adress in the form of: > > regularlistmem...@somedomain.com <somespamaddr...@dubiosdomain.tld> > > Mailman does not block those Emails since the known and allowed > Email-adress appears with in the From-Field although it is just part of > the name tag.
That is not the reason why Mailman is allowing this post as a member post. Mailman understands the difference between a display name and an email address in a From: header. Mailman's membership checks look at more than just From:. By default, Mailman looks at the From: header, the envelope sender and the Reply-To: and Sender: headers. If any of those which exists contains a list member address, the post is considered to be from the member. You can reduce that list installation wide by putting a setting for SENDER_HEADERS in Mailman/mm_cfg.py - see the documentation in Mailman/Defaults.py. For example, putting SENDER_HEADERS = ('from',) in mm_cfg.py will mean only the From: header is checked for list membership. Note also that you won't see the original envelope sender or Sender: header in the delivered post or archives nor will you see the original Reply-To: if the list is configured to remove it, but the original envelope sender and Sender: if any will be in the archives/private/LISTNAME.mbox/LISTNAME.mbox file. and the envelope sender will probably be in MTA logs. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org