[Mailman-Developers] Posting authentication issues...

Chuq Von Rospach chuqui@plaidworks.com
Tue, 27 Nov 2001 15:12:08 -0800

Barry, here's a request that you might want to chew on.

On our corporate box, we'd like the ability to limit posting to subscribed
addresses OR from a given domain (all foo@dom.ain addresses also allowed to
post). We gateway lists to usenet internally, and want to encourage
employees to get involved without having to go through the subscription
process for things they're reading via news. And yes, I know the news
gateway is bidirectional, some employees prefer e-mail.

Will 2.1 have a way to do this easily?

One of my worries, of course, are forged addresses. A hack like that leave
you open to any troll with half a brain.

So my second thought was: how about some mechanism that validates posting
based on information embedded in the message? Majordomo does that with an
Approved: heading for admins, but I'm thinking more of a general setup.

For instance, if you could set a list/server(global) configuration of:

If (regex matches) approve posting automatically

You could build a regex, for instance, of:



Password: hidden

Or even:


The latter would be what I'd want to use, in fact, for auto-approval of
internal postings; I can, in fact, guarantee that if it comes though the
firewall from the firewall relay machines, it's from an employee, where the
from address might not be reliable.

What do you think? 

FWIW, I apologize for being seriously missing. Just back from two weeks
doing R&R in British columbia, and I"m just now returning to the world of
having to show up at work once or twice a week. Tanned, rested and ready.
Well, technically, mossy, rested and ready... (giggle)