On 11/24/20 12:30 PM, peter@chubb.wattle.id.au wrote:
Hi Folks, Running a shiny new instance of mailman3, as per the Debian package (version 3.2.2) but the moderation doesn't seem to work. WE got hit by a heap of spammers overnight, even though the 'hold for moderation' bit is set for non-members (and now for members too).
If the action for member posts was accept ot default processing at the time, perhaps the spam spoofed a member address in one of From:, Reply-To:, Sender: or the envelope sender,
Emails seem just to get straight through.
Even now with both member and non-member actions set to hold?
Any advice on how to debug this? Would upgrading to a later version using pip help?
An upgrade probably won't help. This should work in your version.
For one of the mail's, check all 4 addresses, From:, Reply-To:, Sender: and the envelope sender (available in the MTA logs). Note that Reply-To: and/or Sender: may have been modified by the list.
Then see if any of those addresses matches a member or a non-member and
what the specific moderation action is for that address. Also check the
list's accept_these_nonmembers which is probably not exposed in your
version of Postorius but which you can see via mailman shell.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan