Sender address is not validated correctly
Bug #1154004 reported by
Nemo_bis
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Example: message
From: Badoo <email address hidden>
to subscriber-only list, with
Reply-To: <email address hidden>
(presumably subscribed) and
Sender: <email address hidden>
(because of https:/
I think this was supposed to have introduced smarter checks of the sender: https:/
Downstream bug asking workaround: https:/
To post a comment you must log in.
This is not a bug. By design and by default, Mailman determines a post to be from a list member if any of the From: header, envelope sender, Reply-To: header or Sender: header addresses is a list member. Note that these refer to the incoming values, not the Sender: or envelope sender or possibly munged Reply-To: in the outgoing post.
This is controlled by the configuration setting SENDER_HEADERS with default
SENDER_HEADERS = ('from', None, 'reply-to', 'sender')
(None here means the unix from or envelope sender). To accept as from a list member, for example, only messages whose From: header has a list member address, put
SENDER_HEADERS = ('from',)
in mm_cfg.py.
Note that this has nothing to do with <https:/ /bugs.launchpad .net/mailman/ +bug/266824> or <https:/ /bugs.launchpad .net/mailman/ +bug/266644>.