[Mailman-Users] eMailing a members only list from aknown locationwith out verifying members.
gtaylor at riverviewtech.net
Thu Dec 18 17:57:04 CET 2008
On 12/18/08 10:42, Mark Sapiro wrote:
> X has no way to manipulate the message's metadata which is
> initialized by the post script invoked by the wrapper.
> What this means is that without modifying Mailman in some way, the
> Approved: header is the only tool available.
> Now, the wrapper is pretty simple. When it is invoked via
> /path/to/wrapper post LIST
> all it does is set the effective group to 'mailman' (or whatever your
> Mailman group is), check that 'post' is a valid command, and invoke
> scripts/post with the rest of the arguments (i.e. LIST and whatever
> So, if you could arrange for mm-handler or whatever to pipe the gated
> message to
> /path/to/wrapper post LIST fromusenet
That can be done.
> you could modify scripts/post to detect this additional argument and
> add fromusenet=1 to the metadata when it queues the message.
Ok... That is assuming I can hack enough Python to pull this off. But
in theory it sounds good. :) And I like it.
> Of course, this may be insecure depending on just how you arrange for
> the additional argument to be added since others besides the
> newsgroup may be able to invoke this.
I acknowledge this potential spam exploit and I'm willing to accept the
ramifications. Seeing as how this is a closed system with only a few
admins having access, I'm not all that worried.
Grant. . . .
More information about the Mailman-Users