[Mailman-Users] MailMan For LAN Only

Stephen J. Turnbull stephen at xemacs.org
Sat Aug 8 05:14:08 CEST 2009

Carlos Williams writes:

 > I am wanting to implement MailMan for my company LAN. I am currently
 > running my email server on Postfix. I am wondering if someone can
 > answer these questions for me. If I install MailMan / Apache on my
 > mail server, will the MailMan list be visible by anyone on the web who
 > can access my mail server via Apache?

No, only to those with the admin password.  It may also be possible to
get the list of members by email, but (a) list members (or the admin)
can exclude their own addresses from that list and (b) the facility
can be turned off entirely (which it is by default AFAIK).

However, as Adam McGregor pointed out, this really isn't an issue of
Mailman security at all as you've described it so far.  It's a
question of locking down the firewall in general, the MTA, and Apache.

First, you may want to consider a separate host which runs Postfix,
Apache, and Mailman.  The only users are root, mailman, and www-data.
This is not an MX, in fact it probably shouldn't be routable at all
from outside the LAN/VPN.  I ran my (very small) Mailman lists from a
Pentium 133 MHz with 80MB of RAM running Linux until it died last
year.  Mailman per se thus can run on any hardware you can buy off the
shelf today.  Performance should not be a problem until you have
lists > 10000 members with frequent traffic; the price of the hardware will
be determined by the reliability you demand.

If you are installing a webserver on the existing mail host only to
provide the Mailman web interface, you can restrict access to Apache
at the firewall.  This implies that admins do their work, and list
members access their membership configurations, via the corporate LAN
or VPN.

Mailman restricts access to the membership list and other admin
functions to those with the admin password.  If you use a strong
password and have access via https rather than http, the worrying risk
to the admin pages is social (disgruntled admins, bribery, rootkit on
the admin's machine) rather than technical, even with access via the
public Internet.  (I still recommend restricting access to the Mailman
pages to inside the LAN/VPN, though.)

 > I am worried about spammers using MailMan to harvest valid email
 > addresses.

The main vulnerability here is the archives.  Some obfuscation of the
addresses in the messages can be done by the default archiver.  But a
better route is to restrict access to those pages (or to Apache
itself) to inside-the-LAN IP addresses.

 > Can someone please tell me if this is possible and/or how I should
 > consider configuring MailMan for my LAN?

If I were you, I wouldn't worry about configuring Mailman for security
at all.  I'd configure the firewall and Apache to require strong
authorization (e.g., the VPN or attached directly to the LAN) to access
Mailman admin and user pages (including the list archives) at all.  If
people need access from outside the physical LAN, they should use a

