Subscribers accessing private list archives
Hi,
I help manage a series of mailing lists. It is currently configured for me to manually subscribe users. We do not offer the subscribers the opportunity to manage their own subscription...they are required to be a part of this list. We do not have passwords setup for subscribers, so they do not have to do the periodic password updates.
I also have the lists setup to privately archive.
I am looking for a way to give subscribers a generic password that would authenticate them to be able to view the archives (so they can revisit any past messages). Note, I do not want them to be able to access their subscriber settings to be able to unsubscribe themselves. I would almost like to just have everyone be given a generic password (that I could give out upon request), so they can view the private archives. That's all.
Any ideas? Our Mailman access is restricted just to accessing our mailing lists administration pages on the web. Our service is hosted...I do not have direct access to the server.
Thanks,
Ian
On Fri, 19 Aug 2011, Prietz, Ian wrote:
I am looking for a way to give subscribers a generic password that would authenticate them to be able to view the archives (so they can revisit any past messages). Note, I do not want them to be able to access their subscriber settings to be able to unsubscribe themselves. I would almost like to just have everyone be given a generic password (that I could give out upon request), so they can view the private archives. That's all.
I would set the archives to be public, but require authentication through the webserver for this area of the site. If you can use .htaccess files, you might be able to require that a password be entered to access /pipermail/<listname> under your domain.
since I admin my own servers, I don't know how easy this would be to do, but someone here would.
Geoff.
Geoff Shang wrote:
On Fri, 19 Aug 2011, Prietz, Ian wrote:
I am looking for a way to give subscribers a generic password that would authenticate them to be able to view the archives (so they can revisit any past messages). Note, I do not want them to be able to access their subscriber settings to be able to unsubscribe themselves. I would almost like to just have everyone be given a generic password (that I could give out upon request), so they can view the private archives. That's all.
I would set the archives to be public, but require authentication through the webserver for this area of the site. If you can use .htaccess files, you might be able to require that a password be entered to access /pipermail/<listname> under your domain.
since I admin my own servers, I don't know how easy this would be to do, but someone here would.
This is a good idea, but since the OP's Mailman is hosted and the OP doesn't have access to the host server, it would require that the host admins install the .htaccess files and maintain the 'htpasswd' files for authentication. They may be willing to do this as the .htaccess files could be installed per list as archives/private/LISTNAME/.htaccess. This also requires that the archives/private/LISTNAME/ directories be directly or indirectly "AllowOverride AuthConfig".
Another possibility is that since all users have a password whether they know it or not, you could set the password to a known generic value for all users. I wouldn't advise this however, as it would allow any user to access any other user's options with the same password.
That raises another question. Since this is a hosted Mailman, I would assume it is pretty "vanilla" so presumably, you prevent users from unsubscribing by setting unsubscribe_policy to Yes, otherwise they could easily unsubscribe by email, but how do you prevent them from requesting a password reminder from the options login page and then using it to login and change their options, e.g. set mail delivery off.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 8/19/11 9:36 AM, Prietz, Ian wrote:
Hi,
I help manage a series of mailing lists. It is currently configured for me to manually subscribe users. We do not offer the subscribers the opportunity to manage their own subscription...they are required to be a part of this list. We do not have passwords setup for subscribers, so they do not have to do the periodic password updates.
I also have the lists setup to privately archive.
I am looking for a way to give subscribers a generic password that would authenticate them to be able to view the archives (so they can revisit any past messages). Note, I do not want them to be able to access their subscriber settings to be able to unsubscribe themselves. I would almost like to just have everyone be given a generic password (that I could give out upon request), so they can view the private archives. That's all.
Any ideas? Our Mailman access is restricted just to accessing our mailing lists administration pages on the web. Our service is hosted...I do not have direct access to the server.
Thanks,
Ian Perhaps you could create a dummy subscription that you give people the information for. That way you could give people the password for that subscription. Just need to watch to make sure no one plays with its settings.
Also, they are still able to unsubscribe themselves, as they can get an unsubscription message sent to their email and then use it to confirm the unsubscription.
Mailman is setup to allow people to unsubscribe (and a hosted service isn't going to let you change that), if you want to not allow this, your best bet is with social/political rules with appropriate penalties for violations.
-- Richard Damon
On 8/19/11 6:41 PM, Richard Damon wrote:
Perhaps you could create a dummy subscription that you give people the information for. That way you could give people the password for that subscription. Just need to watch to make sure no one plays with its settings.
And the email address, but this is a much better idea than giving everyone the same "generic" password which I suggested but advised against in my reply at <http://mail.python.org/pipermail/mailman-users/2011-August/072108.html>.
Also, they are still able to unsubscribe themselves, as they can get an unsubscription message sent to their email and then use it to confirm the unsubscription.
But as I implied at least in the reply referenced above, if you set the list's unsubscribe_policy to Yes, even a users confirmed unsubscribe is not effective until approved by an admin/moderator so this can be used to prevent users from unsubscribing, but you can't prevent a user from getting an on-demand password reminder and logging in to her options page and setting "no mail".
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California Better use your sense - B. Dylan
On 8/20/11 12:24 AM, Mark Sapiro wrote:
But as I implied at least in the reply referenced above, if you set the list's unsubscribe_policy to Yes, even a users confirmed unsubscribe is not effective until approved by an admin/moderator so this can be used to prevent users from unsubscribing, but you can't prevent a user from getting an on-demand password reminder and logging in to her options page and setting "no mail".
A bigger problem is that even if you can force the list to send mail to the user, the user can still black list the mail if they really don't want to see it, and there is nothing you can do unless you are also being their MSP. And the problem with them blacklisting you is that for some MSPs that can affect their spam filters and others (who want to get your message) my find it being blocked by spam filters.
This is part of the reason such a policy doesn't work. Forcing someone to receive messages just doesn't work, there needs to be enough value in them that the people want to get them.
-- Richard Damon
participants (4)
-
Geoff Shang
-
Mark Sapiro
-
Prietz, Ian
-
Richard Damon