On 09/18/2018 01:04 PM, Jonas Meurer wrote:
Maybe then the description for chain "accept" in postorius needs to be adjusted. Currently it says "Accept immediately (bypass other rules)". This gives the impression, that it will overrule the default action.
Yes, I agree it's confusing.
A related followup question: what configuration is recommended for an announcement list where only specific senders (e.g. sender@example.org) should be allowed to post and mail from all (other) subscribers should be rejected?
The only way I see to achieve this currently is:
- Set default action for member posts to "Default processing"
- Add a header filter to accept "sender@example.org"
- Add a header filter to reject ".*"
In my eyes, that's very counter-intuitive and cumbersome to configure. But maybe I just missed a more obvious and elegant solution to achieve the same?
The way to do that is to set the default action for member posts to Reject and set Member Options -> Administration options -> Moderation for the authorized posters to Accept or Default processing as desired. However, this allows anyone to post by spoofing an authorized address. To avoid that, leave everyone's Moderation setting at List default and post using "pre-approval" (see <https://mailman.readthedocs.io/en/latest/src/mailman/rules/docs/approved.html>.
The downside of this is it requires the poster to send a cleartext password in a header or body line of the post. It will be removed from the post delivered to list members, but sending it in cleartext in an email may be an issue. We will eventually do something with PGP signatures instead, but that isn't here yet.
And one more comment: if I make the list an "anonymous list" (i.e. "hide the sender of a message, replacing it with the list address"), then header filters for the "from" header don't work any longer. That's kind of unexpected as well. I would have expected mailman to process the header filters at reading the incoming mail, not after rewriting headers of the outgoing mail?
Your expectation is correct. All the applicable rules are applied to the incoming message before any message alterations such as anonymizing are applied. Possibly you were confused because some other rule's action took precedence over your header rule.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan