Ivan Fetch wrote:
We would like to integrate Mailman with a spam quarantine system. List admin(s) will need to log in to manage quarantined messages, and we would like this login to use the list admin password. I'd like some feedback on the best way to accomplish this, with Mailman.
I can think of two ways to accomplish this -
1. Mailman consults LDAP for the list admin password, and is able to also set that password (for the web UI and the change_pw script). Mailing lists are already defined in LDAP for our MTAs.
2. The Mailman list admin passwords are stored in an unencrypted form, which we regularly sync to LDAP, for the quarantine system to use.
It seems like option 2 would be simpler in terms of code, although less ideal (because the password wouldn't be encrypted).
Which method (or is there a third way?) is going to make the most sense for seamless integration with Mailman?
I suggest a third method.
Do not change Mailman at all.
Periodically, via cron and/or on demand, retrieve the list's 'password' attribute from lists/listname/config.pck. This can be done with a Python program using the Mailman API to instantiate the list and get the password, or it could be done with a withlist script whose process was simply
    def get_list_pw(mlist):
        print mlist.password
or it could be done, e.g., by
/path/to/bin/dumpdb /path/to/lists/$listname/config.pck |
grep \'password\' | sed -e s'/^.*: .//' -e 's/.,$//'
This is the encrypted password. Store that in LDAP and have your quarantine system validate a password by encrypting it using Mailman's algorithm (a 40-hex-digit representation of a SHA1 hash of the plaintext) and comparing that to the list's encrypted password.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
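
The quarantine-side check described in the reply above, as an added example that is not part of the original post and not Mailman's own code. The function names, the UTF-8 encoding of the typed password and the sample dumpdb line are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample of one dumpdb output line, in the shape the sed command
# in the post expects. The digest is SHA1 of the made-up password below.
SAMPLE_DUMPDB_LINE = "    'password': '%s'," % hashlib.sha1(b"s3cret-list-pw").hexdigest()

_HEX40 = re.compile(r"[0-9a-f]{40}")


def extract_stored_hash(dumpdb_line):
    """Pull the quoted value out of a "'password': '<hex>'," line."""
    m = re.search(r"'password':\s*'([^']*)'", dumpdb_line)
    if m is None:
        raise ValueError("no password attribute on this line")
    value = m.group(1).lower()
    # Refuse anything that is not a SHA1 hex digest before it reaches LDAP.
    if not _HEX40.fullmatch(value):
        raise ValueError("stored value is not a 40-hex-digit SHA1 digest")
    return value


def mailman_hash(plaintext):
    """40-hex-digit SHA1 of the plaintext, as described in the post."""
    if isinstance(plaintext, str):
        plaintext = plaintext.encode("utf-8")  # assumption: UTF-8 passwords
    return hashlib.sha1(plaintext).hexdigest()


def check_list_admin_password(candidate, stored_hash):
    """Return True only if candidate hashes to the stored 40-hex digest."""
    if not candidate or not stored_hash:
        return False  # an empty or missing attribute must never authenticate
    stored = stored_hash.lower()
    if not _HEX40.fullmatch(stored):
        return False
    # compare_digest keeps the comparison time independent of the match position.
    return hmac.compare_digest(mailman_hash(candidate), stored)


if __name__ == "__main__":
    stored = extract_stored_hash(SAMPLE_DUMPDB_LINE)
    print(check_list_admin_password("s3cret-list-pw", stored))  # correct password
    print(check_list_admin_password("wrong-guess", stored))     # wrong password
```

Because the digest is a plain SHA1 of the password, the LDAP attribute holding it should be readable only by the quarantine system's bind account.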