[Mailman-Users] Listreminder without PWs

Jon Carnes jonc at nc.rr.com
Sun Feb 3 21:25:19 CET 2002

On Sunday 03 February 2002 03:20, Matthias Jaenichen wrote:
> Hi,
> As we have chosen to use SSL with the Mailman-Interface it would be nice
> to get more protection for the passwords.
> 1.) How can we send the list reminders without the PWs?

Remove the job out of mailman's cron that sends out the reminder.  Add your 
own message and have cron send that instead, if you want a monthly 

> 2.) How can we limit User- and Listadministration from WEB only (no
> e-mail)?

Set the list so that it does not look for Administriva, then reroute the 
list-request alias to /dev/null or to an autoresponder that sends back a 
note telling folks to use the web.

> 3.) What about the e-mail itself? Any ideas, how to encrypt the e-mails,
> so that non-list-members will not be able to read them?

This is interesting...  There are actually MTA's that will do this for you 
- that will encrypt the mail leaving the server, and decrypt the mail 
coming to the server.  
You could also run the mail bodies through a pre-processor that encrypted 
the bodies using something like gpg.  Procmail will allow you to do this.   
For it to work properly, you will need to have a savvy user group.  They 
will have to be smart enough to decrypt the message on their end.

> 4.) Certainly there are more steps to be taken to make MailMan more
> secure. We have already chosen QMail, Apache and RSBAC to protect the
> system but are there any plans/implementations to improve MailMan in such
> direction?

I can't speak for the direction of Mailman.  It's open source though, so 
feel free to pull it in the direction you would like to see it go.  All 
contributions are accepted.

Jon Carnes

More information about the Mailman-Users mailing list