[Mailman-Users] FW: FW: No One Can Post a Message but the Server

Tue Jul 18 14:58:30 CEST 2006

Thank you for the feedback on this issue ... I wanted to give you an update
about the newsletter this morning.  The newsletter was generated by the
server but it was never distributed to the mailing list.

My first action was to get the newsletter out.  I added the server mail id
and the "From: " mail id in the header of the email to
accept_these_nonmembers.  I ran the script from the server manually and the
newsletter was distributed.

I looked at the header of the newsletter I received.  The "Approved: <list
password> line was removed before the newsletter was distributed.  Version
says I am "Using Mailman version: 2.1.5" by the way.

I had some new people subscribe to the list last night.
Default_member_moderation is set to Yes but the moderation bit of the new
members is not being set.

It still looks like we have some bugs to work out with this scheme.  

Thanks again for your help!  Greg

-----Original Message-----
From: Mark Sapiro [mailto:msapiro at value.net] 
Sent: Monday, July 17, 2006 8:00 PM
To: Dragon; Greg Sims; mailman-users at python.org
Subject: Re: [Mailman-Users] FW: No One Can Post a Message but the Server

Dragon wrote:
>
>Yes, the Approved: line with the password gets stripped from the mail 
>if and ONLY if it meets one of two criteria.
>
>1. It is the very first line in the body of the e-mail, there can be 
>no other lines before it.

Actually, if it is in the body, it can be preceded by blank lines, but
it must be the first non-blank line in the first text/plain part of
the message.

However, there is a safety valve in that if the password is incorrect
or the Approved: line is somewhere where it won't be recognized and
stripped, the post will be held/rejected/discarded and will not be
sent to the list.

>2. It is used as a header (I think this is really the best approach 
>if you can do it, I am certain this can be done in Python, Perl and 
>PHP, not so sure, about a bash script).

The Header is definitely better. If it is in the body, there can be
issues in removing it from all alternative parts of a
multipart/alternative message. I'm working on improving this process,
but it currently can fail (and isn't even attempted pre Mailman 2.1.7).

>>Should the <list password> be the administrator for the list?  This is the
>>way it is setup for the server early Tuesday morning.  I hope it is
correct.
>
>I believe the moderator password will work too. I am sure somebody 
>will correct me if I am wrong. If so, you ought to use it because if 
>it somehow becomes disclosed accidentally, there is much less 
>potential for damage by malicious people than with the administrator
password.

Excellent suggestion!

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan