As far as I remember, the thing is: ezmlm doesn't (necessarily) check the FROM address in the header of an e-mail sent to the list in order to verify if you are subscribed or not. The thing that matters is the envelope address header, which is not included when ezmlm forwards a message to all list members. So, you could have a fake address in the FROM field as long as the envelope address is set to the address used for subscription.
Would it be possible to configure ezmlm to check the real FROM address in the email header to verify that a person is subscribed to this list. This may allow us to use FAKE addresses when sending mail to the list, but still allowing ezmlm to check for validity of subscriber's real email address??? I have a new email address that I would like to use to post messages to this list from, and drop the email account (topz5.worldonline.co.uk) that gets all the spam messages. Any replies from suse-security mailing list manager (real person) would be appreciated. Kind Regards - Keith Roberts
Hello Keith On Friday 12 December 2003 21:40, Keith Roberts wrote:
Would it be possible to configure ezmlm to check the real FROM address in the email header to verify that a person is subscribed to this list.
This may allow us to use FAKE addresses when sending mail to the list, but still allowing ezmlm to check for validity of subscriber's real email address???
I don't quite follow your thoughts. What do you mean with ``real FROM address''? The intention of my previous message was to point out that the ez mailing list manager uses the ``envelope From'' for verification of the list members, which isn't displayed in the list postings. The ``header from'' is ignored, so that you can set your header from to whatever you want. Maybe I explained that badly the first time. Here is what SuSE self writes about it (Source: FAQ - Frequently asked questions of the test-list@suse.com list): Q2. Envelope from? Header from? All I want to do is post a message to one of your mailing lists! Why is this so complicated? I don't have trouble subscribing to other mailinglists. A2. The header from is probably what you think of as the "from"; e.g. From: foo@bar.com It is contained in DATA portion of the mail (that's the part of the mail that you, as a user, write). The envelope from is written by your mail transport agent, or MTA. That's the thing that your mail client hands the message you just wrote off to to have it delivered. An envelope is generally represented as this in the traditional mbox format: From foo@bar.com Fri Mar 1 12:59:36 2002 If you use maildirs or some other mailbox format you probably won't have that. Most MTAs copy the envelope from to the Return-Path header so you can also get it from that. This is who your MTA, in the words of RFC 822bis, says "the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message.'' The mailing list software we use (ezmlm+idx) takes the envelope from as the address to subscribe when you email LISTNAME-subscribe@suse.com. Other mailing list software might use the header from. There are lots of good technical reasons why the envelope from is used (which you can read all about at the author's site: http://cr.yp.to/immhf.html) but a big benefit for you is that since the envelope from isn't displayed in list postings and the header from is ignored you can set your header from to be whatever you want. This means that you can use your main email address for the list and, if you munge the address, you won't need to worry about it being harvested by an an evil spammer. In other words, you are encouraged rot13, reverse, encrypt, or do whatever to your header from (*except* leave it unqualified) and it won't affect your subscription at all.
Oh no!!! Now I get bounces from a missconfigured postfix server
:-(((((
---------- Forwarded Message: ----------
Subject: Undelivered Mail Returned to Sender
Date: Sat, 13 Dec 2003 18:15:18 +0100 (CET)
From: MAILER-DAEMON@ottemeier.de (Mail Delivery System)
To: x1svewah@stud.slu.se
This is the Postfix program at host benhur.intern.ottemeier.de.
I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can
delete your own text from the message returned below.
The Postfix program
participants (2)
-
Keith Roberts
-
Sven Wahl