As discussed above, the security afforded by SENDER checks is minimal, but nevertheless sufficient to keep out most spam and garbage. However, some subscribers post from e-mail addresses other than their subscription address, and users tend to become unfriendly when their posts are denied even though they are subscribers. This is a general solution to this problem which has minimal overhead for the list owner and is essentially completely transparent to the subscriber.
Set up the list with ezmlm-gate(1) in DIR/editor in place of the ezmlm-send(1) line. To the ezmlm-gate(1) command line add the list directory twice, then a digest directory DIR/digest/ (if it exists), then DIR/allow/. Create DIR/modpost. Add the list owner as a message moderator.
With this setup, any message from a SENDER that is a subscriber of the main list, the digest list or added to DIR/allow/, will be posted directly, others will be sent to the list owner for approval. If the list wants to automatically approve posts from that address in future (e.g. it is an alias for a subscriber) s/he just adds it to the database in DIR/allow/. If the owner wants to approve this post, but not necessarily future posts from that address, s/he just accepts the message. To reject the message with a comment is equally easy. If the owner wished to have the option to silently ignore posts (and not have the SENDER notified that the post timed out), just add the ezmlm-clean(1) -R switch in DIR/editor and DIR/moderator.
In this way, the normal subscriber is always happy and the ‘behind the scenes’ work of the owner is minimalized.
ezmlm-make creates lists with this setup if you specify the -u switch in addition to the -m switch:
% ezmlm-make -mu ~/list ~/.qmail-list joe-list host
If you omit the -m switch, the setup will reject posts from non-subscribers that are not in the ‘allow’ database. ezmlm-both(1) uses a set of similar ezmlm-make(1) invocations to create a list with digest, optionally making you a remote admin, list owner, and subscriber to both lists.