[Mailman-Users] Approve subscription requests via mail

LuKreme kremels at kreme.com
Mon Nov 20 07:13:30 CET 2006 

On 19-Nov-2006, at 22:00, Brad Knowles wrote:
> At 12:11 PM +0900 11/20/06, Stephen J. Turnbull wrote:
>>  Just use the message's message id, munged into URI-compatibility if
>>  necessary.
>
> Doesn't work.  Too many MUAs out there use very non-specific strings
> for their message-ids, and you'd get too many collisions.
>
> At a minimum, I figured that you'd need to take certain standard
> headers which are almost always present (Date, Subject, From, To, Cc,
> Message-ID, etc...), generate a cryptographic hash (MD-5, SHA-1,
> SHA-256, or whatever else you feel sufficiently comfortable with),
> and that should be a good starting point.  But it would still be just
> a starting point.  You'd still have to have a collision
> detection/avoidance algorithm.

Well, you can have mailman generate a "X-Mailman-ID:" for outgoing  
messages before it archives them or sends them to the list.  That  
way, you can guarantee that the ID is unique (use a message-id like  
format with SomeHash at listname.domain.tld).  Since that ID is part of  
the message, it gives a perfect 1:1 relationship between the  
individual message and the link to the archive of the message.  In  
fact, it can even BE a link to the archive of the message (but  
please, make that a toggle-able feature).

> IMO, you don't want to do a crypto hash over the body of the entire
> message, because that would take longer to calculate, and would be
> less likely to survive transmission, translation, future changes to
> the message body filtering code,

It doesn't matter if the body changes AFTER the ID is generated.  But  
agreed, doing it over the whole message would take too long. How  
about over the first 4096 bytes of the message+headers?

> etc....  You want to choose things
>>  This scheme also has the advantage that you can predict the URL  
>> having
>>  only a copy of the message.  So you could put the full URL of the
>>  current message in the List-Archive header (if that doesn't  
>> contravene
>>  the RFC), or you could add an X-List-Archive-Current-Post-URL  
>> header.
>
> Yup, that would be an additional useful feature.

Seems to make more sense to generate the code whilst the message is  
'owned' by mailman and then there's nothing to worry about it being  
munged in transit or on the other end.

-- 
"I don't care how much melanin you have in your skin  nor who you  
sleep with, you can't have my cheese."

More information about the Mailman-Users mailing list