[Mailman-Developers] security scenario possible?
Harald Meland
Harald.Meland@usit.uio.no
09 Apr 2000 21:55:36 +0200
[Adrian Letzner - Sun Germany Berlin SE]
> I would like to know if Mailman can handle the following scenario:
>
> 1. Automatic subscribing to a fixed list (e.g. via CGI script). That
> means:
> a program (e.g. CGI script) should handle the subscribing/unsubscribing
> mechanism by sending a static mail to the *-request address WITHOUT (!!)
> using the password mechanism (new privacy option: *not confirming).

In fact, that does not constitute a new privacy option -- if you put

    ALLOW_OPEN_SUBSCRIBE = 1

in your ~mailman/Mailman/mm_cfg.py, a fourth option "none" should
magically appear for "What steps are required for subscription?" on
all your lists' Privacy Options pages.

Note that this allows _any_ of the lists in your Mailman installation
to use the open subscribes option, and that is not necessarily a good
thing (in that it allows anyone to subscribe unsuspecting others to
your lists against their will).

> 2. Deleting the mail header to anonymize the mails which will be
> posted.

Doesn't the

    Hide the sender of a message, replacing it with the list address
    (Removes From, Sender and Reply-To fields)

option on the bottom of the Privacy Options page do this?
--
Harald
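
An added example, not part of the original message and not Mailman's own code: a sketch of the header removal that the option text quoted above describes, applied to a constructed post. The sample message, the addresses and the function names are assumptions, and the check for headers that still name the poster's domain goes beyond the three fields the option lists.

```python
from email import message_from_string

# Fields the option text quoted above says are removed.
REMOVED_FIELDS = ("From", "Sender", "Reply-To")
LIST_ADDRESS = "feedback@lists.example.net"  # placeholder list address

# Constructed sample post; every address and host name is a placeholder.
SAMPLE_POST = """\
Received: from desk17.example.org (desk17.example.org [192.0.2.17])
\tby lists.example.net; Sun, 09 Apr 2000 21:00:00 +0200
From: Alice Example <alice@example.org>
Sender: alice@example.org
Reply-To: alice@example.org
To: feedback@lists.example.net
Subject: Anonymous feedback
Message-ID: <20000409210000.A1234@desk17.example.org>
X-Mailer: ExampleMail 1.0

The coffee machine is broken again.
"""


def anonymize(msg, list_address=LIST_ADDRESS):
    """Drop the three sender fields, then put the list address in From."""
    for field in REMOVED_FIELDS:
        del msg[field]  # removes every occurrence; no error if absent
    msg["From"] = list_address
    return msg


def residual_identifiers(msg, poster_domain):
    """Names of headers whose value still mentions the poster's domain."""
    needle = poster_domain.lower()
    return sorted({name for name, value in msg.items()
                   if needle in str(value).lower()})


def anonymized_sample():
    """Parse the constructed post and apply the removal to it."""
    return anonymize(message_from_string(SAMPLE_POST))


if __name__ == "__main__":
    msg = anonymized_sample()
    print(msg.as_string())
    print("still identifying:", residual_identifiers(msg, "example.org"))
```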