[Mailman-Users] member_posting_only=yes problem

Chuq Von Rospach chuqui at plaidworks.com
Thu Nov 9 18:37:56 CET 2000

At 11:48 AM -0500 11/9/00, Barry A. Warsaw wrote:

>The /real/ solution is to extend the notion of membership to a person
>instead of an email address.  This is all dependant on the Real User
>Database, but the quick sketch is that you'd be able to register
>yourself with the site and associate a number of email addresses with
>your name.

heh. I got a request for that this morning from a user... (grin)

>  You could then do a lot of cool things like have different
>addresses subscribed to different lists as the primary repicient, use
>any of those addrs as `keys' to your account for login purposes,

Speaking of keys -- here's a thought. Rather than support lots of 
email aliases, how about assigning (optionally) an acccess key to a 
user. That key could be played in an X-Mailman-Key header, and would 
uniquely ID a user from any account (it would have to be stripped on 
the way through...), and ID into the user database. Might that make 
it easier for the type of user who would be likely to do this kind of 

>A short term solution (i.e. Mailman 2.1) may be to add an option that
>the list admin can turn on, which would add Reply-To: in the list of
>fields to use for the membership test.  I'll add that to the TODO

I think I have issues with this -- but I'm having trouble 
articulating them. I have to think this through and figure out if 
there's a problem here, or if I merely think there is. But my issue 
is that there is at least *some* authentification on the From line, 
but  no controls at all on Reply-to by users MTAs. I really don't 
like the idea of being able to set my From: to chuqui at plaidworks.com, 
but tweak the reply-to to barry at wooz.org and be able to post to a 
list I'm not subscribed to.

oh -- I know one reason why it's a bad idea. What about lists with 
Reply-to coerced? Mailman validates the address in the Reply-to for 
posting, and then deletes it from the header, replacing it iwth it's 
own. (does Mailman strip Reply-to when coercion isn't set? I don't 
remember offhand). You have a risk here of having someone who can 
post to the list without any visible trace of their access point -- 
if you have a sneaky troll whacking at a list after being kicked out, 
this will drive an admin crazy.

The security of the "From" line can be shakey, no question. But the 
security of the reply-to is non-existant, and I just have issues 
setting up a system that allows authentification off of it. This one 
rings my alarm bells beyond what I just wrote, but I'm not sure why 
yet. I just think it's a bad idea....

Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui at plaidworks.com)
Apple Mail List Gnome (mailto:chuq at apple.com)

Be just, and fear not.

More information about the Mailman-Users mailing list