[ mailman-Bugs-1221451 ] privacy issue with subscribers on deferred status
Bugs item #1221451, was opened at 2005-06-15 15:00 Message generated for change (Comment added) made by wheeltrish You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221451&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: security/privacy Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: wheeltrish (wheeltrish) Assigned to: Nobody/Anonymous (nobody) Summary: privacy issue with subscribers on deferred status Initial Comment: I own a mailman listserver which is hosted on Dreamhost and they are currently running ver. 2.1.5 of mailman. My list is set to require approval of membership requests, which sends the requesters into a "deferred" status in the "Tend to Pending Moderator Requests" area. I've discovered recently that individuals on "Deferred" status CAN in fact post to my list, and their postings are seen by all approved members. The individuals on "Deferred" status do not receive the postings themselves, however. Is this right? Shouldn't an individual who is marked "Deferred" not be able to post until being approved? This prevents me from ever stopping individuals who would send malicious posts to my list from allowing them to do so. My list is a high volume list and increasing the level of moderation would be cumbersome. Is there a way to ensure that members can't post to a list until they are approved, or is this problem an actual bug in the software? Thanks. ----------------------------------------------------------------------
Comment By: wheeltrish (wheeltrish) Date: 2005-06-15 20:03
Message: Logged In: YES user_id=1297461 When a person requests to subscribe to my list, they go on "deferred" status and are not approved until I click approved in the administrative interface. SINCE posting this message I had another individual post to my list without even trying to subscribe. All she needed was the e-mail address for posting to my list and she was able to post. (Incidentally, my list is not listed in the directory of mailman lists either, so how she even found the information page with the "post to list" address on it is still a mystery, and WHY THE POST WAS NOT REJECTED is baffling me even further. I'm growing concerned about protecting the privacy of my members and I've done what I can to do that, but apparently there are holes in the system somewhere. ideas? Thanks. ---------------------------------------------------------------------- Comment By: Barry A. Warsaw (bwarsaw) Date: 2005-06-15 15:39 Message: Logged In: YES user_id=12800 People waiting to be approved are not members, so the non-member posting policy is what applies to them. They become members only when approved. Perhaps you are not holding non-member posting for approval? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221451&group_id=103
participants (1)
-
SourceForge.net