diff options
| author | bwarsaw | 1999-03-09 19:36:48 +0000 |
|---|---|---|
| committer | bwarsaw | 1999-03-09 19:36:48 +0000 |
| commit | fb699dd06ad94e9dd4f29bb5ba0965261e65ee3b (patch) | |
| tree | d527ed30d8cb48685edf821e1b68612fd17614d7 | |
| parent | a4079818fc472196d19bb5c89b199e318c2cb4bf (diff) | |
| download | mailman-fb699dd06ad94e9dd4f29bb5ba0965261e65ee3b.tar.gz mailman-fb699dd06ad94e9dd4f29bb5ba0965261e65ee3b.tar.zst mailman-fb699dd06ad94e9dd4f29bb5ba0965261e65ee3b.zip | |
(Defaults.py.in): Added USE_ENVELOPE_SENDER variable, which is set to
1 by default. This instructs the MailList.Post() method to use first
the envelope sender (i.e. Unix "From " line) and then the From:
header. However, this breaks member_only_posting on some systems (for
reasons unknown). Set this variable to 0 in mm_cfg.py to use only the
From: header, although this can open the list up to spam.
(MailList.py): in Post(), check USE_ENVELOPE_SENDER to see if
GetEnvelopeSender() should be called.
(FAQ): Add a question refering to USE_ENVELOPE_SENDER.
| -rw-r--r-- | FAQ | 22 | ||||
| -rw-r--r-- | Mailman/Defaults.py.in | 14 | ||||
| -rw-r--r-- | Mailman/MailList.py | 12 |
3 files changed, 44 insertions, 4 deletions
@@ -108,6 +108,28 @@ FREQUENTLY ASKED QUESTIONS . run $prefix/bin/arch <listname> $prefix/archives/private/<listname>.mbox/<listname>.mbox +9. I set member_posting_only to yes because I want to limit posts to + members only, however it seems like all messages coming from + members are held for approval. + + There appears to be a problem on some systems where the envelope + sender (e.g. the Unix "From " line) is set incorrectly. This will + cause a negative match when checking to see if the sender is a + member of the list. Mailman defaults to using the envelope sender + before the sender (i.e. "From:" header) because the former is set + by the SMTP agent while the latter is easily spoofable by the end + user. + + However, if you are having this problem, you may opt to favor the + From: header over the envelope sender. Do this by adding the + following line to your mm_cfg.py file: + + USE_ENVELOPE_SENDER=0 + + However, read the comments about this variable in the Defaults.py + file first. + + Local Variables: mode: text diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in index aca288181..a281b2890 100644 --- a/Mailman/Defaults.py.in +++ b/Mailman/Defaults.py.in @@ -81,6 +81,20 @@ USE_CRYPT = 1 # General Defaults # +# When allowing only members to post to a mailing list, how is the sender of +# the message determined? If this variable is set to 1, then first the +# message's envelope sender is used, with a fallback to the sender if there is +# no envelope sender. Set this variable to 0 to always use the sender. +# +# The envelope sender is set by the SMTP delivery and is thus less easily +# spoofed than the sender, which is typically just taken from the From: header +# and thus easily spoofed by the end-user. However, sometimes the envelope +# sender isn't set correctly and this will manifest itself by postings being +# held for approval even if they appear to come from a list member. If you +# are having this problem, set this variable to 0, but understand that some +# spoofed messages may get through. +USE_ENVELOPE_SENDER = 1 + # When true, mailman will consider user@host.domain to be the same address # as user@domain. If set to 0, mailman will consider user@host.domain to # be the same address as user@Host.DoMain, but different than user@domain. diff --git a/Mailman/MailList.py b/Mailman/MailList.py index acb2a12b5..733d67e0e 100644 --- a/Mailman/MailList.py +++ b/Mailman/MailList.py @@ -1041,9 +1041,13 @@ class MailList(MailCommandHandler, HTMLFormatter, Deliverer, ListAdmin, msgapproved = self.ExtractApproval(msg) if not approved: approved = msgapproved - sender = msg.GetEnvelopeSender() + sender = None + if mm_cfg.USE_ENVELOPE_SENDER: + sender = msg.GetEnvelopeSender() if not sender: sender = msg.GetSender() +## sys.stderr.write('envsend: %s, sender: %s\n' % +## (msg.GetEnvelopeSender(), msg.GetSender())) # If it's the admin, which we know by the approved variable, # we can skip a large number of checks. if not approved: @@ -1139,9 +1143,9 @@ class MailList(MailCommandHandler, HTMLFormatter, Deliverer, ListAdmin, subj, re.I): msg.SetHeader('Subject', '%s%s' % (prefix, subj)) if self.anonymous_list: - del msg['reply-to'] - del msg['sender'] - msg.SetHeader('From', self.GetAdminEmail()) + del msg['reply-to'] + del msg['sender'] + msg.SetHeader('From', self.GetAdminEmail()) if self.digestable: self.SaveForDigest(msg) if self.archive: |