On 07/19/2018 05:16 AM, Robert Heller wrote: > At Wed, 18 Jul 2018 19:33:20 -0700 Mark Sapiro <m...@msapiro.net> wrote: > >> >> On 07/18/2018 07:10 PM, Robert Heller wrote: >>> >>> Mailman only checks the From: header... >> >> >> Not true. See my other reply in this thread. > > I mean it does not check things like the Received: headers *by default*. If > the email part of the From: header is a list member address, Mailman will > consider that the mail is from that member and pass the message on to the > list, *even if the From: header is spoofed*. I expect that this is what > happening with the OP. It is a common spammer hack: somehow get a list of > member addresses (or really hack a member's E-Mail accoung or PC and go from > there). > > Yes, Mail mail can be configured to check other headers, but this requires > some configuration settings.
My point is that standard, default Mailman checks not only the From: header for list member addresses, it also checks the envelope sender and the Reply-To: and Sender: headers. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
