Hi,
My hosting company provides mailman for mailing lists. I am happy with the functionality, but I have two questions
- What is the format for the upload file in mass subscription
- Is it possible to get the reverse - i.e. a listing from one list that can then be massaged and used as the upload for a new list?
-- Best regards, David mailto:dma@pern.co.uk
- Mass subscription format:
"Real Name" <email@address.com> "Real2 Name2" <email2@address2.com> ...etc has worked for me. "Real Name" is optional, you can just put email addresses on each line, e.g.
email@address.com email2@address2.com ...etc
- You can use email commands to retrieve the list of members by doing
To: listname-request@domain.com From: (a subscriber's email address, pref. admin) Subject: who password [address=<address>]
From the help:
who password [address=<address>] See everyone who is on this mailing list. The roster is limited to list members only, and you must supply your membership password to retrieve it. If you're posting from an address other than your membership address, specify your membership address with `address=<address>' (no brackets around the email address, and no quotes!)
You should be able to manipulate the reply easily enough to create a good text file for uploading to mailman.
Regards, Tom Wolfe
On Fri, 26 May 2006, David Anderson wrote:
Thus spake Tom Wolfe <twolfe@sawback.com>, circa 5/26/2006 1:05 PM:
This doesn't appear to work if there is a space in the password.
By the way, does anyone else feel uneasy sending their password in cleartext through email (especially in the subject line)?
Perhaps in a future version of mailman, commands could be authenticated in the same way as subscription requests -- with a return email asking for confirmation.
peterHi Peter - In general, as this post suggests (pardon the liberties...!), Mailman isn't super-secure. For example, all it takes to impersonate you as a member posting is to know your email address. So encrypted passwords are the least concern, and I wouldn't use a very important password.
Regarding spaces in passwords -- I just noticed this today, and had to validate my password input against spaces.
Mailman is great for simple, fast email list exchange and has its place. I've had no cause for complaints after using it for about 4 years now.
Regards, Tom Wolfe informalex.org acmg.ca/mcr and soon... trailex.org
On Fri, 2006-05-26 at 17:23 -0400, Peter C.S. Adams wrote:
Peter C.S. Adams wrote:
You are correct. I'd say it's a bug. We could probably be more sophisticated in parsing the command and its args (currently we just split on whitespace). We might support quoting, but then someone will come up with a password containing pairs of quotes.
By the way, does anyone else feel uneasy sending their password in cleartext through email (especially in the subject line)?
You don't have to send email commands in the subject. The body is processed too, but to answer your question, I don't feel uneasy about sending a list member password. They are mailed in reminders and we say not to use a valuable password. Although password reminders are going away in Mailman 2.2 in favor of a reset scheme.
I am less cavalier about the list admin password. I am not bothered by the idea of sending it, but whenever I do send it in an email command or an Approved: header, I am extra careful about how the mail is addressed.
Interesting suggestion. Please submit a feature request at <http://sourceforge.net/tracker/?group_id=103&atid=350103> or as a comment at <http://wiki.list.org/display/DEV/Mailman+2.2>.
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 5/26/06 6:54 PM, "Mark Sapiro" <msapiro@value.net> wrote:
I've mentioned before that part (only part) of the problem is that we call the thing a "password". So people see "password" and plain text, and rightly respond with security anguish.
So it's not a "password" it's a "<mumble> token". (I don't know what "mumble" should be.) A lot less frightening. And as a side benefit, if it isn't a "password" some people will be less likely to use the same password they've used 10 other places, endangering their accounts at those places.
--John (at least if you think I haven't forged myself)
David Anderson wrote:
A plain text file with one entry per line, formatted as described in <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.044.htp>
See <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.062.htp>
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
- Mass subscription format:
"Real Name" <email@address.com> "Real2 Name2" <email2@address2.com> ...etc has worked for me. "Real Name" is optional, you can just put email addresses on each line, e.g.
email@address.com email2@address2.com ...etc
- You can use email commands to retrieve the list of members by doing
To: listname-request@domain.com From: (a subscriber's email address, pref. admin) Subject: who password [address=<address>]
From the help:
who password [address=<address>] See everyone who is on this mailing list. The roster is limited to list members only, and you must supply your membership password to retrieve it. If you're posting from an address other than your membership address, specify your membership address with `address=<address>' (no brackets around the email address, and no quotes!)
You should be able to manipulate the reply easily enough to create a good text file for uploading to mailman.
Regards, Tom Wolfe
On Fri, 26 May 2006, David Anderson wrote:
Thus spake Tom Wolfe <twolfe@sawback.com>, circa 5/26/2006 1:05 PM:
This doesn't appear to work if there is a space in the password.
By the way, does anyone else feel uneasy sending their password in cleartext through email (especially in the subject line)?
Perhaps in a future version of mailman, commands could be authenticated in the same way as subscription requests -- with a return email asking for confirmation.
peterHi Peter - In general, as this post suggests (pardon the liberties...!), Mailman isn't super-secure. For example, all it takes to impersonate you as a member posting is to know your email address. So encrypted passwords are the least concern, and I wouldn't use a very important password.
Regarding spaces in passwords -- I just noticed this today, and had to validate my password input against spaces.
Mailman is great for simple, fast email list exchange and has its place. I've had no cause for complaints after using it for about 4 years now.
Regards, Tom Wolfe informalex.org acmg.ca/mcr and soon... trailex.org
On Fri, 2006-05-26 at 17:23 -0400, Peter C.S. Adams wrote:
Peter C.S. Adams wrote:
You are correct. I'd say it's a bug. We could probably be more sophisticated in parsing the command and its args (currently we just split on whitespace). We might support quoting, but then someone will come up with a password containing pairs of quotes.
By the way, does anyone else feel uneasy sending their password in cleartext through email (especially in the subject line)?
You don't have to send email commands in the subject. The body is processed too, but to answer your question, I don't feel uneasy about sending a list member password. They are mailed in reminders and we say not to use a valuable password. Although password reminders are going away in Mailman 2.2 in favor of a reset scheme.
I am less cavalier about the list admin password. I am not bothered by the idea of sending it, but whenever I do send it in an email command or an Approved: header, I am extra careful about how the mail is addressed.
Interesting suggestion. Please submit a feature request at <http://sourceforge.net/tracker/?group_id=103&atid=350103> or as a comment at <http://wiki.list.org/display/DEV/Mailman+2.2>.
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 5/26/06 6:54 PM, "Mark Sapiro" <msapiro@value.net> wrote:
I've mentioned before that part (only part) of the problem is that we call the thing a "password". So people see "password" and plain text, and rightly respond with security anguish.
So it's not a "password" it's a "<mumble> token". (I don't know what "mumble" should be.) A lot less frightening. And as a side benefit, if it isn't a "password" some people will be less likely to use the same password they've used 10 other places, endangering their accounts at those places.
--John (at least if you think I haven't forged myself)
David Anderson wrote:
A plain text file with one entry per line, formatted as described in <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.044.htp>
See <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.062.htp>
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (6)
-
David Anderson -
John W. Baxter -
Mark Sapiro -
Peter C.S. Adams -
Peter CS Adams aka Tom
-
Tom Wolfe