[Mailman-Users] (no subject)
brad at shub-internet.org
Thu Aug 23 03:08:24 CEST 2007
On 8/22/07, Nicoll, Alan wrote:
> 1. We don't want any 'list owners' or 'moderators'. Just we lucky few
> admins will run the lists.
Then use a single central alias or mailing list as the list owner for
each of those lists, and have that be directed to your admins. For
one site I help administer, "listmaster" is the registered owner of
virtually all mailing lists on the system, and that in turn is an
alias which gets sent out to a few admins on the project.
> 2. We want the majority of the lists to be open for users to
> subscribe/unsubscribe without any passwords required.
If your lists are publicly accessible, this will open you up to being
abused as a DDOS facility. Imagine your personal e-mail address
being subscribed to several hundred mailing lists that don't do any
validation or require any confirmation that you do actually want to
If these lists are not publicly accessible, and you have adequate
security controls elsewhere, then you should be okay.
However, even if the users are directly subscribed and without
confirmation, they'll still be issued passwords and those passwords
will be sent out to them on a monthly basis, so that they have the
ability to log into a web site on your server and manage their
I guess you could simply choose not to run the standard cron job for
"mailpasswds", but that won't prevent the system from generating the
passwords for the user, just from having it send out those password
reminders on a monthly basis.
You're not going to get completely rid of this feature, at least not easily.
> 3. We want the other very few lists to be setup so only the single list
> admin(s) adds and removes names from the list.
As above, but make sure that these lists require approval (from the
list owner/admin staff).
> 4. All of the lists are for broadcast only with the majority being used by
> automated processes that do not react nicely to bounces or other
> administrivia and are not members of each list.
Mailman should handle issues with bounces internally, unless the
recipient has a broken mail system which sends bounces back to the
original sender. You've seen some of that on this list, and I nuked
the users in question very quickly, because I didn't want them to get
into auto-responder wars with others on the list.
That said, you could always configure your automated processes to use
a sender address that can handle bounces or auto-replies, and which
is on the appropriate "white list" for each mailing list, so that it
no longer matters whether bounces or auto-replies are sent back to
the original sender or not.
Since you provide the sender address as input to the process when the
message is generated, you can make this whatever you want.
Brad Knowles <brad at shub-internet.org>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
More information about the Mailman-Users