GNU Mailman

non-member post failuer

Bug #266324 reported by Llbetts
2
Affects Status Importance Assigned to Milestone
GNU Mailman
New
Medium
Unassigned

Bug Description

Running Mailman 2.1.5 on Red Hat Linux 3. Have list
configured to discard posts from non-members.
Non-member sent in auto reply containing my address has
changed information that actually came from the new
address which was not registered. List server sent
this auto-reply from non-member to the list.

Can't find similar problem reported or bug fix.

Output list configuration, pertinent info below:

# legal values are:
# 0 = "Accept"
# 1 = "Hold"
# 2 = "Reject"
# 3 = "Discard"
generic_nonmember_action = 3

Please advise.

[http://sourceforge.net/tracker/index.php?func=detail&aid=1449048&group_id=103&atid=100103]

Revision history for this message
Mark Sapiro (msapiro) wrote :

In a default installation, post will be determined to be
from a list member if the envelope sender or any of the
From:, Reply-To: or Sender: headers contain a member address.

You could send an off list message to the old address and
inspect the returned message to see if Return-Path: (the
envelope sender), From:, Reply-To: or Sender: contain the
old address. If so, accepting this would be expected behavior.

Note that in a situation like this, it may be preferable to
discuss the issue on <email address hidden> before
submitting a bug report.

Revision history for this message
Llbetts (llbetts) wrote :

Although I agree with the comments that if any of the
headers contains the real members email address it will be
processed as a member, the real member is moderated and all
posts from moderated members are configured to be discarded.
 Therefore, in this configuration it should not matter who
sent the reply. Only the list owner is allowed to send
messages to the list and the reply should have been discarded.

Revision history for this message
Mark Sapiro (msapiro) wrote :

Is there anything in accept_these_nonmembers?

What is generic_nonmember_action?

If one or the other of these settings don't explain the
issue, then I'm afraid that without specific information as
to the headers of the post as received by Mailman and
specific list configuration information, we aren't going to
be able to understand what happened or if there is a bug
involved.

In any case, I am moving this from 'patches' to 'bugs' for
the interim as it clearly isn't a patch.

Revision history for this message
Llbetts (llbetts) wrote :

According to the output from config_list these 2 items are
set to:

accept_these_nonmembers = []
generic_nonmember_action = 3

I have attached the complete output from the config_list output.

Revision history for this message
Mark Sapiro (msapiro) wrote :

anonymous_list = True
 no info about original sender left in archives, but there
is an entry 'post to hgsa-web-updates from xxx anonymized'
in the 'post' log which will at least tell you the From:
value, although that isn't guaranteed to be the 'member'
that was accepted. But anyway, chack that address in the
Membership list and verify that it is moderated.

Or you can see FAQ 3.62 at
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.062.htp
for a pointer to a script that can screen-scrape the admin
web interface and enable you to easily find any unmoderated
members. Note that if there are any at all, your list is
vulnerable to spoofing, even inadvertently by some half
brain dead autoresponder. As one possibility, is the fixed
reply-to '<email address hidden>' an unmoderated member?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.