[Mailman-Users] BUG(S): Mailman ignoring setting of privacy option to replace li st in from field st in from field

Nicholson James D James.Nicholson at amedd.army.mil
Sat Apr 10 07:14:44 CEST 1999

Problem:  Selecting the privacy option to "Hide the sender of a message,
replacing it with the list address" is ignored by mailman.  The sender is
still listed in the From field.  And frankly, if mailman can't do this, then
it is a fancy way to manage mail aliases.  This is the only feature that I
need for a collaborative list, since, I want people to talk to everyone all
at once, not just among themselves.  IMHO, this option should probably be
moved from privacy to being a general option, since, it defines the list as
collaborative, not merely a convenient way to remember mailing addresses.

I would like to know what code is handling this area.  I'll fix it myself,
if I someone can point me to it.

Also, mailman can't allow apache to implement one security feature in the
httpd.conf recommended by apache, namely:
<Directory />
   Order deny,allow
   Deny from all

Apparently mailman needs to configure the server to allow directory listings
in order to work.  Is this really neccesary?

And while I have your attention, it seems that the default list setup is for
a completely public list.  It should probably be the other way around so
that mailman administrators don't make a big boo-boo.  

Also, the INSTALL document needs to mention about setting of allow/deny
options of apache.  For instance, a corporate server might deny everyone
except the corp.   For instance, I deny anything which is not .gov or .mil
from seeing the web site, EXCEPT for the machines of people on the list.
So, if you set up apache to be restrictive, you need to modify apache to
allow people in the list to subscribe.  You may want to put an option in
there somewhere for mailman to generate a perl script to be run by root
which will modify the httpd.conf to allow individual machines to have access
to the web site as part of an approved subscription.  You may ask how "how
in the devil am I going to locate a DHCP machine behind a firewall?"  The
answer is not simple, but, it works - cookies.  Couple a public web server
to the private one.  Mail them a URL when they subsribe via mail, they click
on the other URL from which they receive a cookie.  Allow access
conditionally on domain/cookie in apache /* which involves rewriting apache
:(  */  and you're there.  Otherwise, it's back to manual editing, which I
don't mind in this case because my list is small.   However, why did Larry
create perl?

More information about the Mailman-Users mailing list