| -rw-r--r-- | FAQ | 22 | ||||
| -rw-r--r-- | Mailman/Defaults.py.in | 14 | ||||
| -rw-r--r-- | Mailman/MailList.py | 12 |
3 files changed, 44 insertions, 4 deletions
@@ -108,6 +108,28 @@ FREQUENTLY ASKED QUESTIONS . run $prefix/bin/arch <listname> $prefix/archives/private/<listname>.mbox/<listname>.mbox +9. I set member_posting_only to yes because I want to limit posts to + members only, however it seems like all messages coming from + members are held for approval. + + There appears to be a problem on some systems where the envelope + sender (e.g. the Unix "From " line) is set incorrectly. This will + cause a negative match when checking to see if the sender is a + member of the list. Mailman defaults to using the envelope sender + before the sender (i.e. "From:" header) because the former is set + by the SMTP agent while the latter is easily spoofable by the end + user. + + However, if you are having this problem, you may opt to favor the + From: header over the envelope sender. Do this by adding the + following line to your mm_cfg.py file: + + USE_ENVELOPE_SENDER=0 + + However, read the comments about this variable in the Defaults.py + file first. + + Local Variables: mode: text diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in index aca288181..a281b2890 100644 --- a/Mailman/Defaults.py.in +++ b/Mailman/Defaults.py.in @@ -81,6 +81,20 @@ USE_CRYPT = 1 # General Defaults # +# When allowing only members to post to a mailing list, how is the sender of +# the message determined? If this variable is set to 1, then first the +# message's envelope sender is used, with a fallback to the sender if there is +# no envelope sender. Set this variable to 0 to always use the sender. +# +# The envelope sender is set by the SMTP delivery and is thus less easily +# spoofed than the sender, which is typically just taken from the 
From: header +# and thus easily spoofed by the end-user. However, sometimes the envelope +# sender isn't set correctly and this will manifest itself by postings being +# held for approval even if they appear to come from a list member. If you +# are having this problem, set this variable to 0, but understand that some +# spoofed messages may get through. +USE_ENVELOPE_SENDER = 1 + # When true, mailman will consider user@host.domain to be the same address # as user@domain. If set to 0, mailman will consider user@host.domain to # be the same address as user@Host.DoMain, but different than user@domain. diff --git a/Mailman/MailList.py b/Mailman/MailList.py index acb2a12b5..733d67e0e 100644 --- a/Mailman/MailList.py +++ b/Mailman/MailList.py @@ -1041,9 +1041,13 @@ class MailList(MailCommandHandler, HTMLFormatter, Deliverer, ListAdmin, msgapproved = self.ExtractApproval(msg) if not approved: approved = msgapproved - sender = msg.GetEnvelopeSender() + sender = None + if mm_cfg.USE_ENVELOPE_SENDER: + sender = msg.GetEnvelopeSender() if not sender: sender = msg.GetSender() +## sys.stderr.write('envsend: %s, sender: %s\n' % +## (msg.GetEnvelopeSender(), msg.GetSender())) # If it's the admin, which we know by the approved variable, # we can skip a large number of checks. if not approved: @@ -1139,9 +1143,9 @@ class MailList(MailCommandHandler, HTMLFormatter, Deliverer, ListAdmin, subj, re.I): msg.SetHeader('Subject', '%s%s' % (prefix, subj)) if self.anonymous_list: - del msg['reply-to'] - del msg['sender'] - msg.SetHeader('From', self.GetAdminEmail()) + del msg['reply-to'] + del msg['sender'] + msg.SetHeader('From', self.GetAdminEmail()) if self.digestable: self.SaveForDigest(msg) if self.archive: |
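Review bot: The comment block above `USE_ENVELOPE_SENDER = 1` does not say that the setting is site-wide. MailList.py reads it from `mm_cfg`, so setting it to 0 to work around one list's envelope-sender problem appears to relax the sender check for every list on the installation. I would add a line such as `# This is a site-wide setting: 0 makes every list identify the poster from the sender header.` The closing caveat could also name the consequence for `member_posting_only` lists directly, rather than only saying "some spoofed messages may get through".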
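Review bot: The two `##` lines added after the `if not sender:` fallback in the first MailList.py hunk are commented-out debug output and should be dropped before this is committed. A short comment in their place would serve the next reader better, e.g. `# With USE_ENVELOPE_SENDER off, sender is msg.GetSender() only; the checks below rely on it.` It may also be worth recording when the envelope sender and `msg.GetSender()` disagree, since that would help an admin tell the misconfigured-delivery case apart from a forged From: header; this is a suggestion only, as the logging facilities are not visible here. The enclosing method starts and ends outside the hunk.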
