[Mailman-Users] Security in an nnouncement only list

Brad Knowles brad at stop.mail-abuse.org
Fri Sep 3 01:34:32 CEST 2004

At 3:55 PM -0700 2004-09-02, Jeff Pflueger wrote:

>  Everything is working great, but there seems to be a glaring security
>  hole: Somebody can fake the From: in the email and post to the entire
>  list.


>         The best way around this (available in the Listserv software)
>  is an email confirmation sent to the poster.

	You could reject all postings from unapproved addresses, and 
moderate your own.  When you get the notice that there is a message 
to moderate, you can release it from the web interface.

>  Is there a way to set this up in mailman? Could I set up the poster
>  to be moderated by himself or something like that?

	Essentially, yes.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the Mailman-Users mailing list