Restricting access to the pipermail archives

I want to give my users archives, but require authentication to access the archives. They should not be accessible to non-members.
How can I tie mailman's existing authentication (which can for example conceal the member list from non-members), into pipermail?

On Thu, Aug 20, 2015 at 09:08:43AM -0700, Mark Sapiro wrote:
Which is (much) simpler than the way I suggested, thinking you were after something for all list members, regardless of which list.
-- "If more of us valued food and cheer and song above hoarded gold, it would be a merrier world" -- J. R. R. Tolkien

It is not clear to me that archive_private controls access to the archive.
My understanding is that archive_private is used to inform mailman that the email addresses visible in the archive should be presented differently depending if the archive will be made publicly accessible or not. i.e. munge the email addresses if there's a chance spambots can find them.
I would like to NOT munge the addresses, so they are useful to click on for my users. But I want all of the text of each archived message to be kept in secret on the server, viewable only by members of the list.
I only really have one list given the kind of organization this is for. (a neighborhood of about 35 homeowners) My reason for offering mailman to them in the first place is so I don't have to see a big list of email addresses every time we send or receive something, and so that the list can be kept in a central place (on the HOA web server).
I want all members and no non-members to be able to see who else is on the list (that part already works), and for all members and no non-members to be able to browse the archives.
To that end Adam's original suggestion of iterating over list_members seems plausible. I would hope there was a more "supported" way to do this, like having a setting in postfix that causes it to create and maintain htaccess files in each list's private directory. But I am up to the challenge of writing it myself. I already made minor sourcecode modification to my install to tweak how the names in from addresses are calculated.
On Thu, Aug 20, 2015 at 11:15 AM, Adam McGreggor <adam-mailman@amyl.org.uk> wrote:

On 08/20/2015 11:26 AM, Billy Crook wrote:
> It is not clear to me that archive_private controls access to the archive.
It does. Try it. If archive_private is 'public' there is a symlink from archives/public/listname to archives/private/listname and a URL like http://example.com/pipermail/listname will work without authentication. If you set archive_private to 'private', that symlink is removed, the pipermail URL won't work and the only access to the archive is via a URL like http://example.com/mailman/private/listname which requires authentication and which will be displayed as the archive URL on the listinfo page and in List-Archive: headers.
That is the Defaults.py/mm_cfg.py setting ARCHIVER_OBSCURES_EMAIL_ADDRESS.
Set
ARCHIVER_OBSCURES_EMAIL_ADDRESS = No
in mm_cfg.py and set the list's archive_private to 'private'.
> I would hope there was a more "supported" way to do this,...
Just do the above. That will do it.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
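A way to check the symlink behaviour described in the message above, as an added example that is not part of the original thread: it lists every archive under archives/private and reports whether a matching entry exists under archives/public, which is what decides whether the pipermail URL serves it. The archive root /var/lib/mailman/archives is the one in the Apache config quoted in this thread; the function names and the sample lists `hoa` and `board` are constructed for illustration.

```shell
#!/bin/sh
# Audit which Mailman 2.1 list archives are reachable through the public
# pipermail tree. A list is "public" when archives/public/<list> exists
# (normally a symlink into archives/private), otherwise "private".

# audit_archives ARCHIVE_ROOT
# Prints one line per list: "<listname> public" or "<listname> private".
audit_archives() {
    root=$1
    for dir in "$root"/private/*; do
        [ -d "$dir" ] || continue
        name=${dir##*/}
        # Skip the raw mbox directories (<list>.mbox) stored beside each archive.
        case $name in *.mbox) continue ;; esac
        # -L also catches a dangling symlink left behind in public/.
        if [ -L "$root/public/$name" ] || [ -e "$root/public/$name" ]; then
            echo "$name public"
        else
            echo "$name private"
        fi
    done
}

# exposed_lists ARCHIVE_ROOT
# Prints only the names of lists that still have a public entry.
exposed_lists() {
    audit_archives "$1" | awk '$2 == "public" { print $1 }'
}

# Constructed sample tree (not real data): "hoa" is public, "board" is private.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/private/hoa" "$t/private/hoa.mbox" \
             "$t/private/board" "$t/private/board.mbox" "$t/public"
    ln -s "$t/private/hoa" "$t/public/hoa"
    echo "$t"
}

# Demo on the constructed tree; on a real host run instead:
#   audit_archives /var/lib/mailman/archives
sample=$(make_sample_tree)
audit_archives "$sample"
rm -rf "$sample"
```

Any list that `exposed_lists` prints is still served through the /pipermail/ alias without authentication.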

Billy Crook writes:
> Any reason I should keep pipermail's config in apache around if I don't want the list archives viewable anonymously?
Mailman doesn't serve HTTP, Apache does. The Apache config is what makes them viewable on the web. If you expect them to be viewable to subscribers, you need the config. If you don't want *anybody* viewing them, no need for the config. (I wonder why you keep archives in Mailman at all in that case, though.)

On Tue, Aug 25, 2015 at 9:28 PM, Stephen J. Turnbull <stephen@xemacs.org> wrote:
There were two parts that I see in mailman's apache config:
ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
<Directory /usr/lib/mailman/cgi-bin/>
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
The part above, I expect to need to keep. The part below here, is what I think I can just remove since I don't want public archives provided via pipermail. (Just private archives via the mailman path.)
Alias /pipermail/ /var/lib/mailman/archives/public/
<Directory /var/lib/mailman/archives/public>
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AddDefaultCharset Off
</Directory>

On Thu, Aug 20, 2015 at 01:43:27AM -0500, Billy Crook wrote:
How about something that steps through each list's list_members, extracts their Mailman password, runs that (their Mailman password) through htpasswd, appends to an htaccess file, which you'd then use for authorization against a <LocationMatch> rule in Apache (or the equivalent in nginx) -- LocationMatch, so you can use regexp for the filename to correspond to the listname.
Cron it, and problem "solved"?
A
-- "I am invariably puzzled by the attitude of Oxbridge to its ecclesiastical past. Hearing grace recited before dinner by people you know don’t believe a word of it seems to be considered quite normal." -- David Colquhoun

participants (4): Adam McGreggor, Billy Crook, Mark Sapiro, Stephen J. Turnbull