[Mailman-Users] spam proof announcement style list

Stephanie Westbrook steph at webfabbrica.com
Sun Oct 9 09:48:48 CEST 2005 

Well, I tried using the Approved line method. But there were several 
problems. 

First, my mail client is pegasus 4.12a ono Win xp pro sp2. Mailman 
is 2.1.6.

Problem 1 is major. On my mailing list for the time being I have 
several of my own email addresses. They are setup as separate 
users (not separate identities) in pegasus. In some, but not all, I see 
the approved line with password, ie it was not removed from the 
message.

Problem 2 is less grave but still a problem. The message now 
arrives with a text attachment which is the footer for the mailing list. 
So you no longer see it as part of the message, but as a separate 
attachment. And since it contains info such as how to change list 
options, I'd rather have it there in plain sight.

At this point I will go back to hiding the sender.  

Thanks and comments appreciated.

Stephanie

On 8 Oct 2005 at 12:28, Mark Sapiro wrote:

Stephanie Westbrook wrote:
>
>I've just configured my first announcement style list. There will
>only be a few people on the list without the moderator bit set and I
>have it set to hide the sender's address will default to
>"announce at dom.ain"
>
>And I set it so that messages from non members are rejected and 
new
>members are always moderated.
>
>Is this safe? Have I taken care of everything?


It is fairly safe, but it could be safer. The issue here is that
anyone can post by spoofing the address of one of the unmoderated
posters. Since you have the list set to anonymous, these addresses
won't be totally obvious, but they still might be available for
example in the "list run by" link at the bottom of the listinfo page.

Also, with various malware harvesting addresses from people's 
address
books it is even possible that some malware might mail itself to the
list while spoofing an authorized poster.


>I read about having everyone moderated but don't really 
understand
>how it is supposed to work. If this is a better solution, could
>someone explain? Does it mean that the few people allowed to 
post on
>the list will have to go in and approve their messages each time?


This is the safer way to do it. Everyone is moderated and any 
ordinary
post will be rejected no matter who it is from. Authorized posters
need to know the list password and put the line

Approved: list_password

either as a header if their MUA allows this conveniently or as the
first body line of the post. This allows the post to go directly to
the list. Note that if you put the Approved: line in the body, follow
it with a blank line as at least some Mailman versions remove the
following line when removing the Approved: line.

--
Mark Sapiro <msapiro at value.net>       The highway is for gamblers, 
San
Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list