Bader, Robert (Bob) writes: > I think I have a situation where someone is sending email to one of > my lists request address ie > (lista-reque...@domain.com<mailto:lista-reque...@domain.com>) from > an invalid email address (maybe spoofing the sending address). Or > they may be able to trying to subscribe and entering an invalid > email address on the wbesite. > > So what happens is the list admins gets a bunch of bounces. What > is the best way to stop this?
I'm sorry, but dealing with the first one is what list admins are for. Sorting these things out requires human intelligence. Banning helps, though: > If I add an email to the ban section for a list, will mailman drop > any email or requests from them if they are spoofing as a sender or > trying to subscribe? I'm not sure what you're asking, so let me go into perhaps more detail than you want. Bottom Line Up Front: Banning such addresses will make your life better. I'm pretty sure it does what you want (except it can't filter out the *first* obnoxious attempt :-( ). 1. Mailman does not check for spoofing. In theory, the best that can be done is to check for From alignment of the domain in From with a DKIM signature, but there's no reasonable way to do it for web subscriptions. Worse, using DKIM to authenticate subscription or posting addresses is likely to cause more problems than it solves because users are very commonly posting or accessing the web from somewhere other than their nominal domain. 2. In principle, attempts to subscribe or post from a banned email address are discarded with extreme prejudice. For posting, you'd have to ask Mark about how this interacts with situations where some of the envelope sender, Sender field, and From field are *not* the banned address. HTH Steve ------------------------------------------------------ Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/