Hi mailman-users@mail.python.org I recently moved 50 lists from majordomo to mailman (succesfuly, thanks :-).
Question: Under majordomo I had various pairs of lists, eg event-announce@ Large list, low traffic, event announcements none but organisers could post. event-org@ Small list, free unmoderated discussion among organisers, all on event-announce@ could post feedback such as event bookings back to organisers.
My majordomo list configurationss included:
event-announce.config
restrict_post = event-org other-event-org .domain-trusted-posters
event-org.config
restrict_post = event-announce event-org other-event-org
.domain-trusted-posters
On mailman lit configs, On event-announce@ I asserted default moderated bit on all new & existing members of event-announce@, & removed moderated bit on individual organisers.
My main problem: No one on event-announce@ can now respond to event-org@ with "Count me in for event! / Who is organiser next week? etc" My lesser problem: When someone joins event-org@ I have to manually remove moderator bit from their personal membership entry in event-announce@ (& re-assert if they leave).
Are Sibling lists a solution? How please ?, I've never used them yet.
Cheers, Julian
Julian Stacey, BSD Linux Unix Sys Eng Consultant Munich Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable. http://berklix.eu/brexit/#stolen_votes
On 09/25/2016 02:32 AM, Julian H. Stacey wrote:
This is not a secure way to restrict posts to event-announce because anyone can post by spoofing the address of an unmoderated member whose address is known by virtue of having posted to the list. See the sections "How to restrict the list so only authorized persons can post:" and "How to post to the announcement list:" at <https://wiki.list.org/x/4030685>.
However, this may not be viable in your case depending on the logistics of distributing the lists poster password to the authorized posters.
Add '@event-announce' to accept_these_nonmembers of the event-org list. This will allow anyone who is a member of event-announce, and not a member of event-org to post to event.org without moderation. This will not affect event-org posts from a member of event-org.
You could add @event-org to accept_these_nonmembers of the event-announce list. This would allow any member of event-org to post to event-announce, but it is subject to the same spoofing vulnerability as noted for 'un-moderation', and members of event-org who are not members of event-announce won't receive event-announce posts.
Are Sibling lists a solution? How please ?, I've never used them yet.
Sibling lists may help some of this. If you add event-org@... to regular_include_lists of event-announce that will solve the potential issue of event-org members who are not members of event-announce not receiving event-announce posts.
So, there are choices depending on whether or not you are concerned about unauthorized posts to event-announce by spoofing authorized senders.
If you aren't concerned: Add '@event-announce' to accept_these_nonmembers of event-org. Add '@event-org' to accept_these_nonmembers of event-announce. Add event-org@... to regular_include_lists of event-announce. Ensure that anyone who is a member of both event-announce and event-org is not moderated on event-announce or posts to event-announce with an Approved: <password> header. Easiest is to ensure members of event-org aren't members of event-announce.
If you are concerned: Add '@event-announce' to accept_these_nonmembers of event-org. Do not add '@event-org' to accept_these_nonmembers of event-announce. Moderate everyone on event-announce and authorized posters can post to event-announce with an Approved: <password> header, instructions for which can be posted to the event-org list if its archives are private.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Thanks for your reply Mark, very useful,
Mark Sapiro wrote:
Yes; Spoofing hasn't been a problem here so far thanks, (perhaps as most lists for technicaly competent here are open to all members umoderated anyway; Mostly it's just non tech. lists here are announce- only, to block noise many lazy & clueless. I had administrivia filters turned on in majordomo & now with mailman, I needed to add to MJ regexp filters, so if I do with MM, I'll hope to contribute back to MM devs.
Yes, not viable here, many event organisers on the non tech lists woundn't cope inserting a password in header. So later, if I have to.
OK Found under http://mailman.berklix.org/mailman/admin/event-org/privacy/sender Non-member filters.
OK Thanks, Done, last bit no prob. I have (up to now) required all members of *-org@ to be on *-announce@ (but I think per your post below I'll switch to include event-announce@ traffic to event-org@)
I asserted wrong record via wrong box on web form first go,
but then confirmed I have right one with this check:
cd /usr/local ;
mailman/bin/dumpdb mailman/lists/event-org/config.pck | grep accept_these
{ 'accept_these_nonmembers': ['@event', '@event-chat'],
Thanks Mark :-) If you ever visit Munich, there's a bunch of lists on http://berklix.org where you can find me to buy you a beer :-)
Cheers, Julian
Julian Stacey, BSD Linux Unix Sys Eng Consultant Munich Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable. http://berklix.eu/brexit/#stolen_votes
On 09/25/2016 02:32 AM, Julian H. Stacey wrote:
This is not a secure way to restrict posts to event-announce because anyone can post by spoofing the address of an unmoderated member whose address is known by virtue of having posted to the list. See the sections "How to restrict the list so only authorized persons can post:" and "How to post to the announcement list:" at <https://wiki.list.org/x/4030685>.
However, this may not be viable in your case depending on the logistics of distributing the lists poster password to the authorized posters.
Add '@event-announce' to accept_these_nonmembers of the event-org list. This will allow anyone who is a member of event-announce, and not a member of event-org to post to event.org without moderation. This will not affect event-org posts from a member of event-org.
You could add @event-org to accept_these_nonmembers of the event-announce list. This would allow any member of event-org to post to event-announce, but it is subject to the same spoofing vulnerability as noted for 'un-moderation', and members of event-org who are not members of event-announce won't receive event-announce posts.
Are Sibling lists a solution? How please ?, I've never used them yet.
Sibling lists may help some of this. If you add event-org@... to regular_include_lists of event-announce that will solve the potential issue of event-org members who are not members of event-announce not receiving event-announce posts.
So, there are choices depending on whether or not you are concerned about unauthorized posts to event-announce by spoofing authorized senders.
If you aren't concerned: Add '@event-announce' to accept_these_nonmembers of event-org. Add '@event-org' to accept_these_nonmembers of event-announce. Add event-org@... to regular_include_lists of event-announce. Ensure that anyone who is a member of both event-announce and event-org is not moderated on event-announce or posts to event-announce with an Approved: <password> header. Easiest is to ensure members of event-org aren't members of event-announce.
If you are concerned: Add '@event-announce' to accept_these_nonmembers of event-org. Do not add '@event-org' to accept_these_nonmembers of event-announce. Moderate everyone on event-announce and authorized posters can post to event-announce with an Approved: <password> header, instructions for which can be posted to the event-org list if its archives are private.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Thanks for your reply Mark, very useful,
Mark Sapiro wrote:
Yes; Spoofing hasn't been a problem here so far thanks, (perhaps as most lists for technicaly competent here are open to all members umoderated anyway; Mostly it's just non tech. lists here are announce- only, to block noise many lazy & clueless. I had administrivia filters turned on in majordomo & now with mailman, I needed to add to MJ regexp filters, so if I do with MM, I'll hope to contribute back to MM devs.
Yes, not viable here, many event organisers on the non tech lists woundn't cope inserting a password in header. So later, if I have to.
OK Found under http://mailman.berklix.org/mailman/admin/event-org/privacy/sender Non-member filters.
OK Thanks, Done, last bit no prob. I have (up to now) required all members of *-org@ to be on *-announce@ (but I think per your post below I'll switch to include event-announce@ traffic to event-org@)
I asserted wrong record via wrong box on web form first go,
but then confirmed I have right one with this check:
cd /usr/local ;
mailman/bin/dumpdb mailman/lists/event-org/config.pck | grep accept_these
{ 'accept_these_nonmembers': ['@event', '@event-chat'],
Thanks Mark :-) If you ever visit Munich, there's a bunch of lists on http://berklix.org where you can find me to buy you a beer :-)
Cheers, Julian
Julian Stacey, BSD Linux Unix Sys Eng Consultant Munich Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable. http://berklix.eu/brexit/#stolen_votes
participants (2)
-
Julian H. Stacey -
Mark Sapiro