security on an announce-only list
![](https://secure.gravatar.com/avatar/b3c7708434e3d1b937de8b5e71b19ed7.jpg?s=120&d=mm&r=g)
Hello,
I created an announce-only list. To do this in 'Privacy section' I set the moderation on, the poster receives a rejection notice which explains that this is an announce-only list.
In 'membership management' I disabled moderation for people who should be able to send msgs to the list.
There is however a potential problem with this approach. Suppose that the pc of one of these authorized posters gets infected with a virus. The virus could propagate on the list.
Or somebody could pretend to be an authorized posters by spoofing the from address and the msg would be distributed on the list.
I would like to activate an alternate moderation action for the members who are allowed to post to the list.
However I don't immediately see a way to implement this. Any ideas? How are you handling this?
Thanks in advance, Best regards, -Jeroen-
-- Jeroen Valcke sst@belnet.be jeroen.valcke@belnet.be
![](https://secure.gravatar.com/avatar/b3c7708434e3d1b937de8b5e71b19ed7.jpg?s=120&d=mm&r=g)
To answer my own question. There's an entry in the FAQ on this.
http://www.python.org/cgi-bin/faqw-mm.py?req=all#3.11
Best thing to do is use the approve header or an approve line in the msg.
However I would like to know if a seperate moderation would be possible.
Or alternatively restrict the address that can post to the list (even with the approve passwd)
There are some methods in this faq entry but none seem to combine approved passwd and address check.
-Jeroen-
On Mon, Jun 16, 2003 at 10:31:23AM +0200, Jeroen Valcke wrote:
I created an announce-only list. To do this in 'Privacy section' I set the moderation on, the poster receives a rejection notice which explains that this is an announce-only list.
In 'membership management' I disabled moderation for people who should be able to send msgs to the list.
There is however a potential problem with this approach. Suppose that the pc of one of these authorized posters gets infected with a virus. The virus could propagate on the list.
Or somebody could pretend to be an authorized posters by spoofing the from address and the msg would be distributed on the list.
I would like to activate an alternate moderation action for the members who are allowed to post to the list.
However I don't immediately see a way to implement this. Any ideas? How are you handling this?
-- Jeroen Valcke sst@belnet.be jeroen.valcke@belnet.be
![](https://secure.gravatar.com/avatar/b3c7708434e3d1b937de8b5e71b19ed7.jpg?s=120&d=mm&r=g)
On Mon, Jun 16, 2003 at 11:57:29AM +0200, Jeroen Valcke wrote:
Best thing to do is use the approve header or an approve line in the msg.
IMHO, the problem with the approve passwd is that anybody who knows (or guesses) the approve passwd can post to the list.
So even non-members can post when they add the approve passwd. Hasn't anybody had bad experiences with that?
-Jeroen-
-- Jeroen Valcke sst@belnet.be jeroen.valcke@belnet.be
![](https://secure.gravatar.com/avatar/7572ff765cfe8ae5277b3a106538708b.jpg?s=120&d=mm&r=g)
On Monday, Jun 16, 2003, at 02:31 Canada/Mountain, Jeroen Valcke wrote:
In 'membership management' I disabled moderation for people who should be able to send msgs to the list.
NO, tun on moderation for EVERYONE.
When someone wants to post, the start their message with
Approved: <listpassword>
the message gets posted and the Approved: header is stripped.
-- "As God as my witness, I though turkey's could fly," Arthur Carlson, WKRP in Cincinnati
![](https://secure.gravatar.com/avatar/b3c7708434e3d1b937de8b5e71b19ed7.jpg?s=120&d=mm&r=g)
On Mon, Jun 16, 2003 at 01:35:07PM -0600, LuKreme wrote:
On Monday, Jun 16, 2003, at 02:31 Canada/Mountain, Jeroen Valcke wrote:
In 'membership management' I disabled moderation for people who should be able to send msgs to the list.
NO, tun on moderation for EVERYONE.
Sorry, I meant to say 'enabled'. See my first paragraph.
When someone wants to post, the start their message with
Approved: <listpassword>
the message gets posted and the Approved: header is stripped.
Yeps, indeed. Works fine now. However I was wondering could an extra check be added? Like for example msgs with approve are only allowed from certain addresses.
-Jeroen-
-- Jeroen Valcke sst@belnet.be jeroen.valcke@belnet.be
![](https://secure.gravatar.com/avatar/58dc45a231a1037125da33641cda24d3.jpg?s=120&d=mm&r=g)
Hi,
Im using redhat 8.0 + mailman 2.0.13.
It happens that Im using add_members to mass subscribe 25,000 members.
When I try to do it, the script tells me that several email adresses was already subscribed, but they were not. I use list_members and bingo! The emails informed as already subscribed are not subscribed.
Is there a maximum number of members I can subscribe once? I seems that add-members
The problem is that sync_members is even worse, because it can handle less than 3,000 adresses once and aborts if it finds any error.
Im searching a syncronize solution. I was thinkin about deleting and adding all the members any time I need to sync the list. But I found that problem with add-members.
Again: is there a maximum number of members to subscribe each time I run add_members?
Thanks.
![](https://secure.gravatar.com/avatar/e6041bf1a7b49ae3a76ff4859a1b03c7.jpg?s=120&d=mm&r=g)
On Thu, Aug 07, 2003 at 03:39:00PM -0300, Gustavo Gouvea wrote:
Im using redhat 8.0 + mailman 2.0.13.
It happens that Im using add_members to mass subscribe 25,000 members.
When I try to do it, the script tells me that several email adresses was already subscribed, but they were not. I use list_members and bingo! The emails informed as already subscribed are not subscribed.
Is there a maximum number of members I can subscribe once?
I've done over 40,000 on Red Hat Linux 7.0 and mailman 2.0.13. When I saw the duplicate member error, it turned out that I had the same user in my text file twice, but with different case. Do a case-insensitive uniq on your input file and see if that helps.
.../Ed
-- Ed Wilts, Mounds View, MN, USA mailto:ewilts@ewilts.org
participants (4)
-
Ed Wilts
-
Gustavo Gouvea
-
Jeroen Valcke
-
LuKreme