[Mailman-Users] Announce only list & security

Bill Moseley moseleymm at hank.org
Tue Dec 18 00:27:51 CET 2001


To setup an announce-only list, you add the people that can send to "posters":

   If member_posting_only is 'no', then only the posters listed here 
   will be able to post without admin approval

What options are available to prevent spoofing one of those addresses?  I
know I can set 

   Hide the sender of a message, replacing it with the list address
  (Removes From, Sender and Reply-To fields)

Is there anything else?  I suppose it would it be safer to approve all
requests and then when sending out an announcement approve my own messages.

I used a list manager a while back where you could add "approve: password"
to the body of the message to all posting of that message.  But, of course,
you type "aprove" by mistake and then there's your password sent to everyone.

I wonder if for announce only lists it would be a good idea to have a
form-based method to send the email (just a little more secure than SMTP).

Another nice feature for announce only lists would be to bounce/drop all
mail sent to the list *except* a few listed addresses.  The to add
security, set the list to require approval for those messages.

Any of that make sense?


Bill Moseley
mailto:moseley at hank.org




More information about the Mailman-Users mailing list