> first of all, is it okay to use the following apache srm.conf
> aliases for mailman instead of the one it asks for?
>
> Alias /archives/ /home/mailman/archives/public/
> ScriptAlias /lists/ /home/mailman/cgi-bin/
>
> (everything seems to work fine with that except the following)

This isn't going to work (as you already found out) for the private archives. Suppose that you were going to try to access /archives/private. /archives expands out to /home/mailman/archives/public, then /private is appended to give you a final destination of

/home/mailman/archives/public/private

What you really want it to expand out to is

/home/mailman/archives/private

You should change your aliases to

Alias /archives/public /home/mailman/archives/public/
Alias /archives/private /home/mailman/archives/private/

> dir and subdirs and everything looks ok. Here's my
> relevant lines in access.conf.
>
>
> Options Indexes FollowSymLinks Includes ExecCGI
> AllowOverride None
> order allow,deny
> Allow from all
>

Ooops. You might want to turn off the Includes option there. Otherwise list managers can use the HTML editing features of Mailman to run programs on your system from the archives. i.e. adding this HTML could pop up an xterm as the user running the script onto a remote system:

(which is one reason why I don't have any X binaries on my Web server).

By carefully manipulating these values (and a little security know-how) a skilled cracker could easily gain a root shell to your system. If you absolutely have to allow SSI, you may want to at least run Mailman through an SSL-aware server. At least then your passwords won't be flying across the ether in a sniffable form.

A better thing to do is only allow CGI within $prefix/cgi-bin and symlinks in $prefix/archives:

Options ExecCGI

Options FollowSymLinks

Of course, replace $prefix with the directory where Mailman is installed.

Chris
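
Added example (not part of the original message): a simplified Python model of the two checks discussed in the reply above, namely where an Alias prefix sends a URL on disk and which `<Directory>` blocks turn on Includes. The sample configuration, the `/home/mailman` path on the first `<Directory>` block, the list name `mylist` and the function names are assumptions constructed for illustration.

```python
import posixpath
import re

def resolve_alias(aliases, url_path):
    """Simplified mod_alias model: the first Alias whose URL prefix matches
    on a path-segment boundary wins; the rest of the URL is appended."""
    for prefix, target in aliases:
        rest = url_path[len(prefix):]
        on_boundary = prefix.endswith("/") or rest[:1] in ("", "/")
        if url_path.startswith(prefix) and on_boundary:
            return posixpath.normpath(target + "/" + rest)
    return None

def dirs_with_ssi(conf_text):
    """Return the <Directory> paths whose Options line turns on Includes."""
    flagged, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r"<Directory\s+(.+?)>$", line, re.I)
        if opened:
            current = opened.group(1).strip('"')
        elif line.lower() == "</directory>":
            current = None
        elif current and line.lower().startswith("options"):
            opts = {o.lstrip("+").lower() for o in line.split()[1:]}
            if "includes" in opts:
                flagged.append(current)
    return flagged

# Constructed sample data (paths taken from the thread, list name invented).
ORIGINAL = [("/archives/", "/home/mailman/archives/public/")]
CORRECTED = [("/archives/public", "/home/mailman/archives/public/"),
             ("/archives/private", "/home/mailman/archives/private/")]
SAMPLE_CONF = """\
<Directory /home/mailman>
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride None
</Directory>
<Directory /home/mailman/cgi-bin>
Options ExecCGI
</Directory>
<Directory /home/mailman/archives>
Options FollowSymLinks
</Directory>
"""

if __name__ == "__main__":
    url = "/archives/private/mylist/"
    print("original :", resolve_alias(ORIGINAL, url))
    print("corrected:", resolve_alias(CORRECTED, url))
    print("SSI on   :", dirs_with_ssi(SAMPLE_CONF))
```
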