[Mailman-Users] eMailing a members only list from aknown locationwith out verifying members.

Grant Taylor gtaylor at riverviewtech.net
Thu Dec 18 17:57:04 CET 2008

On 12/18/08 10:42, Mark Sapiro wrote:
> X has no way to manipulate the message's metadata which is 
> initialized by the post script invoked by the wrapper.


> What this means is that without modifying Mailman in some way, the 
> Approved: header is the only tool available.


> Now, the wrapper is pretty simple. When it is invoked via
> /path/to/wrapper post LIST
> all it does is set the effective group to 'mailman' (or whatever your 
> Mailman group is), check that 'post' is a valid command, and invoke 
> scripts/post with the rest of the arguments (i.e. LIST and whatever 
> follows).


> So, if you could arrange for mm-handler or whatever to pipe the gated 
> message to
> /path/to/wrapper post LIST fromusenet

That can be done.

> you could modify scripts/post to detect this additional argument and 
> add fromusenet=1 to the metadata when it queues the message.

Ok...  That is assuming I can hack enough Python to pull this off.  But 
in theory it sounds good.  :)  And I like it.

> Of course, this may be insecure depending on just how you arrange for 
> the additional argument to be added since others besides the 
> newsgroup may be able to invoke this.

I acknowledge this potential spam exploit and I'm willing to accept the 
ramifications.  Seeing as how this is a closed system with only a few 
admins having access, I'm not all that worried.

Grant. . . .

More information about the Mailman-Users mailing list