[Mailman-Users] FW: No One Can Post a Message but the Server

[Mark Sapiro]

Dragon wrote:
>
>Yes, the Approved: line with the password gets stripped from the mail 
>if and ONLY if it meets one of two criteria.
>
>1. It is the very first line in the body of the e-mail, there can be 
>no other lines before it.


Actually, if it is in the body, it can be preceded by blank lines, but
it must be the first non-blank line in the first text/plain part of
the message.

However, there is a safety valve in that if the password is incorrect
or the Approved: line is somewhere where it won't be recognized and
stripped, the post will be held/rejected/discarded and will not be
sent to the list.


>2. It is used as a header (I think this is really the best approach 
>if you can do it, I am certain this can be done in Python, Perl and 
>PHP, not so sure, about a bash script).


The Header is definitely better. If it is in the body, there can be
issues in removing it from all alternative parts of a
multipart/alternative message. I'm working on improving this process,
but it currently can fail (and isn't even attempted pre Mailman 2.1.7).


>>Should the <list password> be the administrator for the list?  This is the
>>way it is setup for the server early Tuesday morning.  I hope it is correct.
>
>I believe the moderator password will work too. I am sure somebody 
>will correct me if I am wrong. If so, you ought to use it because if 
>it somehow becomes disclosed accidentally, there is much less 
>potential for damage by malicious people than with the administrator password.


Excellent suggestion!

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan