[Mailman-Users] Announce only list & security
moseleymm at hank.org
Tue Dec 18 00:27:51 CET 2001
To setup an announce-only list, you add the people that can send to "posters":
If member_posting_only is 'no', then only the posters listed here
will be able to post without admin approval
What options are available to prevent spoofing one of those addresses? I
know I can set
Hide the sender of a message, replacing it with the list address
(Removes From, Sender and Reply-To fields)
Is there anything else? I suppose it would it be safer to approve all
requests and then when sending out an announcement approve my own messages.
I used a list manager a while back where you could add "approve: password"
to the body of the message to all posting of that message. But, of course,
you type "aprove" by mistake and then there's your password sent to everyone.
I wonder if for announce only lists it would be a good idea to have a
form-based method to send the email (just a little more secure than SMTP).
Another nice feature for announce only lists would be to bounce/drop all
mail sent to the list *except* a few listed addresses. The to add
security, set the list to require approval for those messages.
Any of that make sense?
mailto:moseley at hank.org
More information about the Mailman-Users