On 4/5/19 10:59 AM, Valentin Schwarze via Mailman-Users wrote: > > I am the administrator of some mailman lists of the student > self-administration of our university. We happend to have some spam issues on > our mailman lists. These spammers were able to send emails on our lists > through mail spoofing (only faking the From: field in the header is > sufficient to get accepted). With a faked sender email adress, which was in > accept_these_nonmembers of the list, they were to send spam mails on the > lists. > > Are there any settings that we as administrators of the list could change to > end that behavior? For example, is it possible in any way, that Mailman only > accepts emails that passed a SPF check? Or any other option to prevent email > with forged sender adresses to be distributed through the mailman list?
These kinds of tests are better implemented in the incoming MTA before the mail ever gets to Mailman. Mailman itself, without code modification or implementation of a custom handler (see <https://wiki.list.org/x/4030615>), has no way to check things like SPF. You can use Privacy options... -> Spam filters -> header_filter_rules to take various actions based on regexp matches against message headers. This can be useful if you can identify things that separate the spam from the ham. Also, if you want to do certain tests in the MTA, but not reject the mail at SMTP time, you can have the MTA add a header which is checked by header_filter_rules. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org