[ mailman-Bugs-1221451 ] privacy issue with subscribers on deferred status

SourceForge.net noreply at sourceforge.net
Thu Jun 16 02:03:08 CEST 2005


Bugs item #1221451, was opened at 2005-06-15 15:00
Message generated for change (Comment added) made by wheeltrish
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221451&group_id=103

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: security/privacy
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 5
Submitted By: wheeltrish (wheeltrish)
Assigned to: Nobody/Anonymous (nobody)
Summary: privacy issue with subscribers on deferred status

Initial Comment:
I own a mailman listserver which is hosted on 
Dreamhost and they are currently running ver. 2.1.5 of 
mailman.

My list is set to require approval of membership 
requests, which sends the requesters into a "deferred" 
status in the "Tend to Pending Moderator Requests" 
area.

I've discovered recently that individuals on "Deferred" 
status CAN in fact post to my list, and their postings are 
seen by all approved members. The individuals 
on "Deferred" status do not receive the postings 
themselves, however.

Is this right? Shouldn't an individual who is 
marked "Deferred" not be able to post until being 
approved? This prevents me from ever stopping 
individuals who would send malicious posts to my list 
from allowing them to do so.

My list is a high volume list and increasing the level of 
moderation would be cumbersome.

Is there a way to ensure that members can't post to a 
list until they are approved, or is this problem an actual  
bug in the software?

Thanks.

----------------------------------------------------------------------

>Comment By: wheeltrish (wheeltrish)
Date: 2005-06-15 20:03

Message:
Logged In: YES 
user_id=1297461

When a person requests to subscribe to my list, they go on
"deferred" status and are not approved until I click
approved in the administrative interface. 

SINCE posting this message I had another individual post to
my list without even trying to subscribe. All she needed was
the e-mail address for posting to my list and she was able
to post. (Incidentally, my list is not listed in the
directory of mailman lists either, so how she even found the
information page with the "post to list" address on it is
still a mystery, and WHY THE POST WAS NOT REJECTED is
baffling me even further. I'm growing concerned about
protecting the privacy of my members and I've done what I
can to do that, but apparently there are holes in the system
somewhere.

ideas?

Thanks.

----------------------------------------------------------------------

Comment By: Barry A. Warsaw (bwarsaw)
Date: 2005-06-15 15:39

Message:
Logged In: YES 
user_id=12800

People waiting to be approved are not members, so the
non-member posting policy is what applies to them.  They
become members only when approved.  Perhaps you are not
holding non-member posting for approval?


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221451&group_id=103


More information about the Mailman-coders mailing list