Actually, using BOTH would be best. Any name not in the restrict_post
file, that tries to post is bounced to the owner/approval/moderator
address anyway. No matter what address the trouble maker, or list member
for that matter, uses. Unless it is the allowed poster address contained
in the restrict_post file, they will not be able to spam the list. If a
spammer did figure out the From: address to use, having moderation enabled
also requires a message to have an approval header/password before resend
will distribute the message to the list members. Of course this does no
good either, if you don't change the default passwords in your list.config
> Thus spake Duane Beck (email@example.com):
> > What about setting the restrict_post list to contain only the admin's
> > address, instead of using moderator approval?
> That would work. I wouldn't recommend it though, imho. There is no
> guarantee the from header is authentic. Someone could figure this out and
> spam the list very easily.