[Mailman-Users] approval password linked to sender rather than list?

Patrick Bogen pdbogen at gmail.com
Mon May 15 17:15:07 CEST 2006

On 5/15/06, David Lee <t.d.lee at durham.ac.uk> wrote:
> List subscribers can already have passwords attached to their membership
> of a particular list, but this is (I understand) only for subscription
> maintenance, not for posting authorisation.  So the concept of password
> linked to email address is already present in Mailman.
> It would seem reasonable to extend Mailman to have a variant of the
> "Approved:" scheme (albeit with its inherent weak authentication) in which
> the password is associated with each "permitted.poster.1" sender name
> to discriminate a real sender from the spoofer.

On the surface, this seems pretty reasonable. It ought to be easy to
amend the bits that checked Approved: against the moderator/admin
password to also check against the user password.

For your purposes (*all* users must include a pssword), I think, this
is trivial:

in Mailman/Handlers/Approve.py, on or about line 108, change:

if passwd is not missing and mlist.Authenticate((mm_cfg.AuthListModerator,

if passwd is not missing and mlist.Authenticate((mm_cfg.AuthListModerator,

(without, of course --BEGIN-- and --END--). That said, I don't really
know Python, nor am I intimately familiar with the Mailman codebase,
so you might want to wait for someone more knowledgable to vette this

And, of course, when/if you upgrade, you'll need to re-do this, since
Approve.py will get overwritten.

- Patrick Bogen

More information about the Mailman-Users mailing list