Hi,
I'm running a list on Mailman 2.1.3 and I am looking to secure my list as much as possible. I saw this in FAQ 3.11 (http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.011.htp):
A more secure alternative is for your approved posters to add an Approved header to their postings as a header, or as the first line of the post).
I'd like to implement this but I'm uncertain to go about it. I'm pretty certain the content filtering options are where the test for the Approved header should go. My question is how can the header be added to the posting? Any insight or tips as to how this can be accomplished will be appreciated.
Thanks, Sean
Sean wrote on Thu, 6 May 2004 12:12:18 -0400 (EDT):
A more secure alternative is for your approved posters to add an Approved header to their postings as a header, or as the first line of the post).
I'd like to implement this but I'm uncertain to go about it. I'm pretty certain the content filtering options are where the test for the Approved header should go.
No, you got that wrong. Usually, you have to approve an email via web interface. If it contains the Approved header and password then it gets handled in the same way as if you had approved it via web, just that this works automatically. There's no "test" to put anywhere. Actually, it's an old mailing list method which was invented earlier than web interfaces.
My question is how can the header be added to the
posting? Any insight or tips as to how this can be accomplished will be appreciated.
It's exactly as it says:
add an Approved header to their postings as a header
and if the program isn't able to do this:
as the first line of
the post).
So, put "Approved: password" in the first line or as a header. Note, this will be parsed away and NOT distributed to the list, don't worry!
Kai
--
Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org
"Kai" == Kai Schaetzl <maillists@conactive.com> writes:
Kai> So, put "Approved: password" in the first line or as a
Kai> header. Note, this will be parsed away and NOT distributed to
Kai> the list, don't worry!Well, worry a little. It's cleartext, so unless you're using a VPN/ encrypted channels/intranet-only you have to be aware that it can be sniffed off the 'net. Also, if you bypass the list for some recipients (eg, a wide reply), they'll get it. And of course passwords are relatively weak security if they're mnemonic.
If security means "against spam/viruses", likely you don't need to be so paranoid.
-- Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Ask not how you can "do" free software business; ask what your business can "do for" free software.
participants (3)
-
Kai Schaetzl -
Sean -
Stephen J. Turnbull